Source |
ProofPoint |
Identifier |
8482707 |
Publication date |
2024-04-15 06:00:31 (viewed: 2024-04-15 13:09:23) |
Title |
How Proofpoint Impersonation Protection Can Help You Meet CMMC Compliance Requirements |
Text |
The Cybersecurity Maturity Model Certification (CMMC) program enforces the protection of sensitive unclassified information that the U.S. Department of Defense (DoD) shares with its contractors and subcontractors.
Threat actors know how to hijack your trusted business communications. They can impersonate you, your brand or your business partners. And they can make a nice profit doing it. The FBI's 2023 Internet Crime Report notes that last year's adjusted losses from business email compromise (BEC) cases exceeded $2.9 billion, up 7.4% from 2022.
Bad actors use spoofed domains, lookalike domains, compromised supplier accounts and other tactics in their attacks. So it's important to keep communications with trusted partners, customers and suppliers safe. This should be a top focus for government agencies and the organizations that they work with since they are key targets for bad actors.
Proofpoint helps you mitigate the risk of impersonation abuse with a holistic, multilayered approach. With Proofpoint Impersonation Protection, you can:
Protect your organization's communications from impersonation threats
Stop attackers from impersonating your brand
Detect and defend against risky suppliers, including compromised supplier accounts
Secure user and application emails so that they can be trusted
We help our federal and defense industrial base customers with Level 3 CMMC controls around the Risk Assessment (RA) and Identification and Authentication (IA) Practices. Here's how.
CMMC overviews for Level 3 controls
In this section, we match CMMC compliance requirements with the capabilities of Proofpoint Impersonation Protection.
CMMC Level 3 – Risk Assessment Practice
RA.L3-3.11.1e – Threat-Informed Risk Assessment
CMMC compliance requirement
Employ threat intelligence, at a minimum from open or commercial sources, and any DoD-provided sources, as part of a risk assessment to guide and inform the development of organizational systems, security architectures, selection of security solutions, monitoring, threat hunting and response and recovery activities.
RA.L3-3.11.3e – Advanced Risk Identification
CMMC compliance requirement
Employ advanced automation and analytics capabilities in support of analysts to predict and identify risks to organizations, systems and system components.
RA.L3-3.11.6e – Supply Chain Risk Response
CMMC compliance requirement
Assess, respond to and monitor supply chain risks associated with organizational systems and system components.
RA.L3-3.11.7e – Supply Chain Risk Plan
CMMC compliance requirement
Develop a plan for managing supply chain risks associated with organizational systems and system components; update the plan at least annually, and upon receipt of relevant cyber threat information, or in response to a relevant cyber incident.
How Proofpoint Impersonation Protection meets the Risk Assessment (RA) Practice needs above
Proofpoint Nexus Supplier Risk Explorer gives you insights into supplier risk. This includes threats where attackers are impersonating your agency as well as compromised suppliers and third parties.
Supplier Risk can also be used as part of a vendor risk management process when sourcing and choosing new vendors/suppliers. Proofpoint provides visibility into supply chain threats, lookalike detection, and impersonations of your brand with Supplier Risk and Domain Discover. This helps to create the supply chain risk plans that are needed to comply with CMMC.
Supplier Risk Explorer identifies supplier domains and shows you which suppliers pose a risk to your organization.
As noted above, Supplier Risk Explorer assesses the risk level of supplier domains by evaluating several dimensions, including:
Threats sent to your organization
Threats sent to other Proofpoint customers
The lookalikes of supplier domains
Whether a domain was recently registered
Whether a domain has a DMARC reject policy
By ranking an |
Sent |
Yes |
Tags |
Threat
Industrial
Prediction
Commercial
|
Stories |
|
Notes |
★★
|