IR.L2-3.6.1[b] — Incident Response (Detection)
Domain: Incident Response (IR) | Practice: IR.L2-3.6.1 | Objective ID: 3.6.1[b] | Source: NIST SP 800-171 Rev. 2 / CMMC 2.0 Level 2
Assessment Objective: An operational incident-handling capability is established that includes detection.
Implement detection capabilities (SIEM, IDS/IPS, endpoint detection, log monitoring) that can identify potential security incidents involving CUI systems in a timely manner. Define what "timely" means for your environment (for example, a maximum time from event to alert and from alert to triage) so that assessors can test it rather than take it on trust. Detection is the trigger for the rest of the incident-handling capability described in 3.6.1 (analysis, containment, recovery): an incident that is never detected is never handled. DFARS 252.204-7012 requires contractors that handle CUI to implement NIST SP 800-171, and this objective is evaluated during CMMC Level 2 assessments.
Key Requirements:
- A documented control implementation for incident detection in the SSP
- A named control owner accountable for this objective
- Detection capabilities configured and operating across all CUI-bearing systems
- Monitoring and detection mechanisms producing continuous evidence (alerts, log records, triage tickets) that can be sampled during an assessment
- Documented review cadence with signed evidence
- Defined remediation path for gaps or exceptions
Tags: IR.L2-3.6.1[b], cmmc, level-2, domain-ir