Executive Summary
CMMC objective AC.L2-3.14.2[b] requires organizations to define procedures for responding to malicious code. Define incident response steps and escalation paths. Leadership must confirm documented malware response procedures and training.