Requirement text: SC.5.208: Employ organizationally defined and tailored boundary protections in
addition to commercially available solutions.
DISCUSSION FROM SOURCE: CMMC
Advanced adversaries study and analyze standard commercial security solutions and
standard configurations of those systems. They develop and test attack techniques that will
not be mitigated by those solutions. Tailoring protections forces the adversary to confront
a security solution or configuration that they have not seen anywhere else. They will not
have developed a way around it.
CMMC CLARIFICATION
Organizations shall tailor the configuration and function of one or more of their boundary
protection systems so it will mitigate (protect or detect) attack activities in some manner not
typical of commercial security solutions. This can range from an internally developed
security solution to just custom configurations and signatures.
Example 1
You manage the organization’s Intrusion Prevention System (IPS). You analyzed
several phishing emails containing malware scripts and noticed similarities between them.
You create a custom rule in the IPS to monitor for and block emails that match this
signature.
Example 2
You are the network security manager for the company. You are responsible for checking
the vendor signatures on the IPS and checking that sandboxing appliances are being updated
automatically. You write custom rules to alert on zero-day vulnerabilities the ND-ISAC has
reported.
References
• CMMC