Receive and respond to cyber threat intelligence from information sharing forums and sources and communicate to stakeholders.
To enhance situational awareness activities within the organization, leverage external sources for cybersecurity threat information. Establish a relationship with external organizations, or periodically survey relevant sources, to ensure you are receiving up-todate threat intelligence information pertinent to your organization. Examples of sources include: US-CERT, various critical infrastructure sector ISACs, ICS-CERT, industry associations, vendors, and federal briefings. Threat information is reviewed and, if applicable to your organization, communicated to the appropriate stakeholders for action. Example You are in charge of IT operations for your company. Part of your role is to ensure you are aware of up-to-date cyber threat intelligence information so you can properly perform risk assessments and vulnerability analyses. To do this, you join a defense sector ISAC, and signup for alerts from US-CERT. You use information you receive from these external entities to update your threat profiles, vulnerability scans, and risk assessments. Also, you use these sources to gather best practices for informing your employees of potential threats and disseminate the information throughout your organization to the appropriate stakeholders.
CMMC Establish relationships with external organizations to gather cyber threat intelligence information. Cyber threat information from external sources should inform situational awareness activities within the organization. Relevant external threat information is communicated to stakeholders within the organization for appropriate action if needed.
NIST SP 800-53 Rev 4 PM-16
NIST CSF v1.1 ID.RA-2
SA.3.169.[a] the organization identifies cyber threat intelligence from information sharing forums and sources;
SA.3.169.[b] the organization responds to cyber threat intelligence from information sharing forums and sources; and
SA.3.169.[c] the organization communicates this information to appropriate stakeholders.