CMMC practice SC.L2-3.13.6 assessment objectives [a] and [b] require contractors’ systems to deny network communications traffic by default [a] and allow network communications traffic by exception [b] respectively. As a CCA, you assess whether an OSC has segmented its network into different zones. The OSC has implemented Access Control Lists (ACLs) on its network devices to permit or deny traffic based on source and destination IP addresses and ports. Additionally, the OSC uses a Fortinet Next-Generation Firewall (NGFW). To monitor their computing environment, theOSC uses a state-of-the-art SIEM. Which of the following assessment methods is NOT a method you would use to assess whether the OSC has met assessment objectives [a] and [b]?
Submit