Requirement text: SA.3.169: Receive and respond to cyber threat intelligence from information sharing
forums and sources and communicate to stakeholders.
DISCUSSION FROM SOURCE: CMMC
Establish relationships with external organizations to gather cyber threat intelligence
information. Cyber threat information from external sources should inform situational
awareness activities within the organization. Relevant external threat information is
communicated to stakeholders within the organization for appropriate action if needed.
CMMC CLARIFICATION
To enhance situational awareness activities within the organization, leverage external
sources for cybersecurity threat information. Establish a relationship with external
organizations, or periodically survey relevant sources, to ensure you are receiving up-to-
date threat intelligence information pertinent to your organization. Examples of sources
include: US-CERT, various critical infrastructure sector ISACs, ICS-CERT, industry
associations, vendors, and federal briefings.
Threat information is reviewed and, if applicable to your organization, communicated to the
appropriate stakeholders for action.
Example
You are in charge of IT operations for your company. Part of your role is to ensure you are
aware of up-to-date cyber threat intelligence information so you can properly perform risk
assessments and vulnerability analyses. To do this, you join a defense sector ISAC, and sign-
up for alerts from US-CERT. You use information you receive from these external entities to
update your threat profiles, vulnerability scans, and risk assessments. Also, you use these
sources to gather best practices for informing your employees of potential threats and
disseminate the information throughout your organization to the appropriate stakeholders.
References
• CMMC
• NIST CSF v1.1 ID.RA-2
• NIST SP 800-53 Rev 4 PM-16