CMMC SC.5.198 - Configure Monitoring Systems to Record Network Packets

Requirement text: SC.5.198: Configure monitoring systems to record packets passing through the
organization's Internet network boundaries and other organizational-defined boundaries.

DISCUSSION FROM SOURCE: CIS CONTROLS V7.1
Configure monitoring systems to record network packets passing through the boundary at
each of the organization’s network boundaries.

CMMC CLARIFICATION
The organization shall capture and save all packets traversing the network boundary for a
period of time determined by the organization. The system will support detailed analysis of
an event showing what packets were transmitted and received and be able to reconstruct
and determine content transmitted during a specific time period.

Example
You manage security systems for the organization. You purchase a network recorder
appliance and install it between the firewall and the Internet router to record all traffic
entering or exiting the organization’s network. The network recorder is configured to retain
three months of network traffic.
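
A recorder only satisfies the requirement if its archive actually covers the whole retention period. The following is an added example, not part of the original page or of any vendor's product, that audits a capture archive for time periods with no recorded traffic. The file naming scheme, the hourly rotation, and the use of 90 days for "three months" are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed naming scheme: the recorder rotates capture files on a fixed
# interval and names each after its start time, e.g.
# boundary-20240101T000000.pcap. Adjust the pattern to the real recorder.
NAME_RE = re.compile(r"^boundary-(\d{8}T\d{6})\.pcap$")


def parse_starts(filenames):
    """Return sorted capture start times; names that do not match are ignored."""
    starts = []
    for name in filenames:
        m = NAME_RE.match(name)
        if m:
            starts.append(datetime.strptime(m.group(1), "%Y%m%dT%H%M%S"))
    return sorted(starts)


def coverage_gaps(filenames, now, retention, rotation):
    """List (gap_start, gap_end) periods inside [now - retention, now]
    that no capture file covers, assuming each file spans one rotation."""
    gaps, covered_until = [], now - retention
    for start in parse_starts(filenames):
        if start >= now:
            break  # beyond the audited window
        end = start + rotation
        if end <= covered_until:
            continue  # older than the window, or already covered
        if start > covered_until:
            gaps.append((covered_until, start))
        covered_until = end
    if covered_until < now:
        gaps.append((covered_until, now))  # recorder stopped before "now"
    return gaps


def demo():
    """Constructed archive: hourly files for 90 days with a 3-hour outage."""
    now, rotation = datetime(2024, 4, 1), timedelta(hours=1)
    retention = timedelta(days=90)
    first = now - retention
    outage = {first + timedelta(days=10, hours=h) for h in (4, 5, 6)}
    times = [first + i * rotation for i in range(90 * 24)]
    names = [t.strftime("boundary-%Y%m%dT%H%M%S.pcap")
             for t in times if t not in outage]
    return coverage_gaps(names, now, retention, rotation)
```

An empty result means every hour of the retention window has a capture file; any returned interval is a period for which traffic cannot be reconstructed.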

References
• CIS Controls v7.1 12.5