System And Communications Protection
Employ organizationally defined and tailored boundary protections in addition to commercially available solutions.
Organizations shall tailor the configuration and function of one or more of their boundary protection systems so that it mitigates (protects against or detects) attack activity in some manner not typical of commercial security solutions. This can range from an internally developed security solution to custom configurations and signatures alone.

Example 1: You manage the organization's Intrusion Prevention System (IPS). You analyzed several phishing emails containing malware scripts and noticed similarities between them. You create a custom rule in the IPS to monitor for and block emails that match this signature.

Example 2: You are the network security manager for the company. You are responsible for checking the vendor signatures on the IPS and checking that sandboxing appliances are being updated automatically. You write custom rules to alert on zero-day vulnerabilities the ND-ISAC has reported.
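The following is an added illustration of Example 1, not part of the CMMC text: a small organization-specific signature built from features that several analyzed phishing messages shared (a subject pattern, a Reply-To domain that differs from the From domain, a script attachment, and a script marker inside the attachment), applied to constructed sample messages. The indicator values, thresholds, domains and messages are all assumptions made for the example; a production deployment would express the same indicators in the IPS vendor's own rule language.

```python
"""Custom phishing signature applied to constructed sample messages.

Added example, not from the CMMC text: models the tailored IPS rule in
Example 1 as a signature of indicators that the analyzed samples shared.
Every indicator value, threshold and sample message here is constructed.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators shared by the analyzed phishing samples (constructed values).
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".wsf", ".hta")
SUBJECT_PATTERN = re.compile(r"^(re:\s*)?invoice #\d{6}$", re.IGNORECASE)
SCRIPT_MARKERS = (b"WScript.Shell", b"ActiveXObject", b"eval(unescape(")
BLOCK_THRESHOLD = 3  # indicators required before the rule blocks instead of alerting


def _domain(header_value: str) -> str:
    """Extract the lower-cased domain from an address header such as From or Reply-To."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def match_signature(raw: str) -> list[str]:
    """Parse one raw RFC 5322 message and return the names of the indicators it triggers."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    if SUBJECT_PATTERN.match(msg.get("Subject", "").strip()):
        hits.append("subject-pattern")
    reply_to = msg.get("Reply-To")
    if reply_to and _domain(reply_to) != _domain(msg.get("From", "")):
        hits.append("reply-to-mismatch")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(SCRIPT_EXTENSIONS):
            hits.append("script-attachment")
        payload = part.get_payload(decode=True) or b""
        if any(marker in payload for marker in SCRIPT_MARKERS):
            hits.append("script-marker")
    return hits


def decide(raw: str) -> str:
    """Turn the matched indicators into an IPS verdict: block, alert or pass."""
    hits = match_signature(raw)
    if len(hits) >= BLOCK_THRESHOLD:
        return "block"
    return "alert" if hits else "pass"


def build_sample(subject, sender, reply_to=None, attachment=None) -> str:
    """Build a raw test message; attachment is an optional (filename, bytes) pair."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = sender
    msg["To"] = "finance@example.com"
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content("Please see the attached invoice.")
    if attachment:
        name, data = attachment
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_string()


# Constructed samples: one matching the full campaign pattern, one partial, one benign.
SAMPLES = {
    "campaign": build_sample(
        "RE: Invoice #482913",
        "Accounts Payable <ap@example.com>",
        reply_to="billing@invoice-portal.example.net",
        attachment=("Invoice_482913.js", b'var sh = new ActiveXObject("WScript.Shell");'),
    ),
    "partial": build_sample(
        "Invoice #100200",
        "Vendor <ar@supplier.example.org>",
        attachment=("invoice.pdf", b"%PDF-1.4 constructed placeholder"),
    ),
    "benign": build_sample("Lunch on Friday?", "Colleague <c@example.com>"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:9s} {decide(raw):5s} {match_signature(raw)}")
```

The threshold is the tailoring decision: a single shared indicator (here, the subject pattern on the "partial" sample) only raises an alert for analyst review, while the combination seen across the analyzed campaign is blocked outright. Keeping the indicator list and threshold in one place makes it easy to revise the signature as new samples are analyzed.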
CMMC
Advanced adversaries study and analyze standard commercial security solutions and the standard configurations of those systems. They develop and test attack techniques that those solutions will not mitigate. Tailoring protections forces the adversary to confront a security solution or configuration that they have not seen anywhere else and for which they will not have developed a way around.