All seven controls from the NIST SP 800-171 R2 guide are listed below.
Implement tools and processes to detect, report, prioritize, and remediate known system vulnerabilities. Define timelines for applying patches based on severity and verify remediation through vulnerability scans or compliance tools.
Mapped controls:
SI-2: System Flaw Remediation
SI-3: Malware Protection
SI-5: Security Advisories
Microsoft 365 solution: Microsoft 365 E5 with GCC High (includes Microsoft Defender Vulnerability Management and centralized alerting through Security Center)

Implement malware protection across designated system entry points (e.g., endpoints, email gateways, SharePoint, Teams). Use anti-malware tools capable of real-time detection, file scanning, and threat mitigation at these locations.
Mapped controls:
SI-2: System Flaw Remediation
SI-3: Malware Protection
SI-5: Handling of Security Alerts and Advisories
Microsoft 365 solution: Microsoft 365 E5 with GCC High (includes Defender for Endpoint and Defender for Office 365 for multi-layer malware protection)

Monitor system security alerts and advisories and take action in response.
Mapped controls:
SI-2: Identify, report, and correct system flaws in a timely manner
SI-3: Detect, prevent, and respond to malware threats
SI-5: Receive, generate, disseminate, and act upon security alerts, advisories, and directives in a timely manner
Microsoft 365 solution: Microsoft 365 E5 with GCC High (includes Microsoft Defender and Threat Analytics Center for alert monitoring and automated threat response)

Ensure that malware protection mechanisms are updated automatically with the latest definitions, signatures, and detection engines. Updates should be applied promptly when released by the vendor to maintain continuous protection against emerging threats.
Mapped controls:
SI-3: Detect, prevent, and respond to malware threats
Microsoft 365 solution: Microsoft 365 E5 with GCC High (includes Defender for Endpoint with automatic protection updates and cloud-based threat intelligence)

Implement both periodic and real-time malware scans on organizational systems. Ensure files from external sources (e.g., downloads, USB devices, email attachments) are scanned upon download, access, or execution.
Mapped controls:
SI-3: Detect, prevent, and respond to malware threats
Microsoft 365 solution: Microsoft 365 E5 with GCC High (includes Defender for Endpoint P2 with real-time and scheduled scans, plus threat intelligence integration)

Continuously monitor organizational systems, including endpoint and network traffic, for signs of attack or compromise. Correlate log data with updated threat intelligence to detect, alert, and respond to suspicious activity in real time.
Mapped controls:
AU-2: Event Logging
AU-6: Audit Review and Analysis
SI-4: System Monitoring
SI-4 (4): Threat Intelligence Integration
Microsoft 365 solution: Microsoft 365 E5 with GCC High (includes Sentinel for threat correlation, Defender XDR for traffic and behavior analysis, and Audit Premium for event log centralization)

Detect and alert unauthorized use of organizational systems through audit log review, anomaly detection, and behavioral analysis. Monitoring must cover login attempts, role abuse, and unusual access patterns.
Mapped controls:
SI-4: Monitor system activities to detect and respond to security incidents
Microsoft 365 solution: Microsoft 365 E5 with GCC High (includes Defender XDR for behavioral monitoring, Purview Audit Premium for audit log inspection, and Sentinel for SIEM correlation)

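As an added illustration of the audit-log review this control calls for (example code written for this guide, not part of the original page or of any Microsoft product), the following Python runs two of the detections named above over constructed sign-in records: a successful login preceded by a burst of failed attempts from the same source, and a sign-in from a country outside the user's usual locations. The record format, the thresholds and the per-user country baseline are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real data). Assumed format:
# timestamp,user,source_ip,country,result
SAMPLE_LOG = """\
2024-05-01T08:00:05Z,alice,203.0.113.10,US,success
2024-05-01T08:02:10Z,alice,203.0.113.10,US,success
2024-05-01T22:10:01Z,bob,198.51.100.7,US,failure
2024-05-01T22:10:04Z,bob,198.51.100.7,US,failure
2024-05-01T22:10:07Z,bob,198.51.100.7,US,failure
2024-05-01T22:10:10Z,bob,198.51.100.7,US,failure
2024-05-01T22:10:13Z,bob,198.51.100.7,US,failure
2024-05-01T22:10:20Z,bob,198.51.100.7,US,success
2024-05-02T03:15:00Z,alice,192.0.2.55,RU,success
"""

# Assumed per-user baseline of countries seen during normal activity.
BASELINE_COUNTRIES = {"alice": {"US"}, "bob": {"US"}}
FAILURE_THRESHOLD = 5            # failures before a success that raise an alert
FAILURE_WINDOW = timedelta(minutes=10)

def parse_events(text):
    """Parse the CSV-style records into dicts, sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, user, ip, country, result = line.split(",")
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "ip": ip, "country": country, "result": result})
    return sorted(events, key=lambda e: e["ts"])

def detect_unauthorized_use(events, baseline):
    """Return (alert_type, user, detail) tuples for suspicious sign-ins."""
    alerts = []
    failures = defaultdict(list)  # (user, ip) -> timestamps of failed attempts
    for e in events:
        key = (e["user"], e["ip"])
        if e["result"] != "success":
            failures[key].append(e["ts"])
            continue
        # Success right after repeated failures from the same source.
        recent = [t for t in failures[key] if e["ts"] - t <= FAILURE_WINDOW]
        if len(recent) >= FAILURE_THRESHOLD:
            alerts.append(("brute_force_success", e["user"], e["ip"]))
        failures[key].clear()
        # Successful sign-in from outside the user's usual countries.
        if e["country"] not in baseline.get(e["user"], set()):
            alerts.append(("unusual_location", e["user"], e["country"]))
    return alerts
```

In a Microsoft 365 deployment the same two patterns would be expressed as Sentinel analytics rules over sign-in logs rather than run from a script; the point of the snippet is the review logic itself.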