Complying With the Cybersecurity Maturity Model Certification (CMMC) – Level 3

The CMMC compliance level 3 is described as a managed level with all CMMC practices being documented, an existing policy that covers all activities within a company, and an existing plan that is maintained and resourced to maintain a managed cyber hygiene.

Source: https://www.acq.osd.mil/cmmc/docs/CMMC_v1.0_Public_Briefing_20200131_v2.pdf

 

Maturity Level 3

 

Process Maturity (ML)

MC01 Improve [DOMAIN NAME] activities
ML.3.997
Establish, maintain, and resource a plan that includes [DOMAIN Network Automation Manager].

The following SolarWinds products support and may meet ML.3.997 protocol:

  • AppOpticsTm
  • Loggly®
  • Pingdom®
  • PapertrailTm
  • Access Rights Manager
  • Security Event Manager
  • Patch Manager
  • Backup
  • Network Performance Monitor
  • NetFlow Traffic Analyzer
  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • VoIP & Network Quality Manager
  • Network Automation Manager
  • Server & Application Monitor
  • Server Configuration Monitor
  • Storage Resource Monitor
  • Virtualization Manager
  • Web Performance Monitor
  • Database Performance Analyzer
  • Service Desk

Access Control (AC)

C002 Control internal system access
AC.3.017

Separate the duties of individuals to reduce the risk of malevolent activity without collusion.

The following SolarWinds products meet AC.3.017 process protocol:

  • Access Rights Manager
  • N-able Remote Monitoring & Management

The following SolarWinds products support and may meet AC.3.017 protocol:

  • AppOptics
  • Loggly
  • Pingdom
  • Papertrail
  • Patch Manager
  • Network Performance Monitor
  • NetFlow Traffic Analyzer
  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • VoIP & Network Quality Manager
  • Network Automation Manager
  • Log Analyzer
  • Server & Application Monitor
  • Server Configuration Monitor
  • Storage Resource Monitor
  • Virtualization Manager
  • Web Performance Monitor
  • Database Performance Analyzer

 

AC.3.018

Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.

The following SolarWinds products meet AC.3.018 process protocol:

  • AppOptics
  • Loggly
  • Pingdom
  • Access Rights Manager
  • Patch Manager
  • N-able Remote Monitoring & Management
  • Network Performance Monitor
  • NetFlow Traffic Analyzer
  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • VoIP & Network Quality Manager
  • Network Automation Manager
  • Log Analyzer
  • Server & Application Monitor
  • Server Configuration Monitor
  • Storage Resource Monitor
  • Virtualization Manager
  • Web Performance Monitor
  • Database Performance Analyzer
  • Service Desk

The following SolarWinds products support and may meet AC.3.018 protocol:

  • Papertrail
  • Dameware® Remote Support
  • Dameware Remote Everywhere
  • N-able Take Control

AC.3.019

Terminate (automatically) user sessions after a defined condition.

The following SolarWinds products meet AC.3.019 process protocol:

  • N-able Remote Monitoring & Management
  • Network Performance Monitor
  • NetFlow Traffic Analyzer
  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • VoIP & Network Quality Manager
  • Network Automation Manager
  • Log Analyzer
  • Server & Application Monitor
  • Server Configuration Monitor
  • Storage Resource Monitor
  • Virtualization Manager
  • Web Performance Monitor
  • Database Performance Analyzer
  • Service Desk

The following SolarWinds products support and may meet AC.3.019 protocol:

  • Access Rights Manager
  • Dameware Remote Support
  • Dameware Remote Everywhere
  • N-able Take Control
  • Serv-U
  • Patch Manager

 

AC.3.012

Protect wireless access using authentication and encryption.

The following SolarWinds products support and may meet AC.3.012 protocol:

  • Network Automation Manager
  • User Device Tracker

 

AC.3.020

Control connection of mobile devices.

The following SolarWinds products meet AC.3.020 process protocol:

  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • Network Automation Manager

 

C003 Control remote system access

AC.3.014

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.

The following SolarWinds products meet AC.3.014 process protocol:

  • Dameware Remote Support
  • Dameware Remote Everywhere
  • N-able Take Control
  • Serv-U
  • N-able Remote Monitoring & Management
  • Network Performance Monitor
  • Network Configuration Manager
  • User Device Tracker
  • Network Automation Manager
  • Server & Application Monitor
  • Server Configuration Monitor

The following SolarWinds products support and may meet AC.3.014 protocol:

  • Service Desk

 

AC.3.021
Authorize remote execution of privileged commands and remote access to security-relevant information.

The following SolarWinds products meet AC.3.021 process protocol:

  • Dameware Remote Support
  • Dameware Remote Everywhere
  • N-able Take Control
  • Serv-U
  • N-able Remote Monitoring & Management
  • Network Performance Monitor
  • Network Configuration Manager
  • User Device Tracker
  • Network Automation Manager
  • Server & Application Monitor
  • Server Configuration Monitor

 

The following SolarWinds products support and may meet AC.3.021 protocol:

  • Patch Manager
  • IP Address Manager
  • Service Desk

 

Asset Management (AM)

 

C005 Identify and document assets
AM.3.036
Define procedures for the handling of CUI data.

The following SolarWinds products meet AM.3.036 process protocol:

  • Service Desk

The following SolarWinds products support and may meet AM.3.036 protocol:

  • Patch Manager
  • Backup
  • N-able Remote Monitoring & Management
  • Network Performance Monitor
  • NetFlow Traffic Analyzer
  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • VoIP & Network Quality Manager
  • Network Automation Manager
  • Log Analyzer
  • Server & Application Monitor
  • Server Configuration Monitor
  • Storage Resource Monitor
  • Virtualization Manager
  • Web Performance Monitor
  • Database Performance Analyzer

 

Audit & Accountability (AU)

 

C007 Define audit requirements
AU.3.045
Review and update logged events.

The following SolarWinds products meet AU.3.045 process protocol:

  • Security Event Manager

The following SolarWinds products support and may meet AU.3.045 protocol:

  • AppOptics
  • Access Rights Manager
  • N-able Remote Monitoring & Management
  • Network Performance Monitor
  • Network Configuration Manager
  • Network Automation Manager

 

AU.3.046
Alert in the event of an audit logging process failure. 

The following SolarWinds products meet AU.3.046 process protocol:

  • Loggly
  • Security Event Manager
  • N-able Remote Monitoring & Management
  • Network Automation Manager
  • Log Analyzer
  • Server & Application Monitor

 

The following SolarWinds products support and may meet AU.3.046 protocol:

  • Network Performance Monitor

 

C008 Perform auditing
AU.3.048
Collect audit information (e.g., logs) into one or more central repositories.

The following SolarWinds products meet AU.3.048 process protocol:

  • Loggly
  • Security Event Manager
  • Patch Manager
  • Backup
  • Network Performance Monitor
  • Network Configuration Manager
  • Network Automation Manager
  • Log Analyzer
  • Server Configuration Monitor

The following SolarWinds products support and may meet AU.3.048 protocol:

  • AppOptics
  • Papertrail
  • Access Rights Manager

 

C009 Identify and protect audit information
AU.3.049
Protect audit information and audit logging tools from unauthorized access, modification, and deletion.

The following SolarWinds products meet AU.3.049 process protocol:

  • Network Performance Monitor
  • NetFlow Traffic Analyzer
  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • VoIP & Network Quality Manager
  • Network Automation Manager
  • Log Analyzer
  • Server & Application Monitor
  • Server Configuration Monitor
  • Storage Resource Monitor
  • Virtualization Manager
  • Web Performance Monitor
  • Service Desk

 

The following SolarWinds products support and may meet AU.3.049 protocol:

  • AppOptics
  • Loggly
  • Pingdom
  • Papertrail
  • Access Rights Manager
  • Security Event Manager

AU.3.050
Limit management of audit logging functionality to a subset of privileged users. 

The following SolarWinds products meet AU.3.050 process protocol:

  • Loggly
  • Pingdom
  • Papertrail
  • Access Rights Manager
  • Security Event Manager
  • N-able Remote Monitoring & Management
  • Network Performance Monitor
  • NetFlow Traffic Analyzer
  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • VoIP & Network Quality Manager
  • Network Automation Manager
  • Log Analyzer
  • Server & Application Monitor
  • Server Configuration Monitor
  • Storage Resource Monitor
  • Virtualization Manager
  • Web Performance Monitor
  • Service Desk

C010 Review and manage audit logs
AU.3.051
Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.

The following SolarWinds products support and may meet AU.3.051 protocol:

  • Loggly
  • Security Event Manager
  • N-able Remote Monitoring & Management
  • Network Performance Monitor
  • NetFlow Traffic Analyzer
  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • VoIP & Network Quality Manager
  • Network Automation Manager
  • Log Analyzer
  • Server & Application Monitor
  • Server Configuration Monitor
  • Storage Resource Monitor
  • Virtualization Manager
  • Web Performance Monitor
  • Service Desk

 

AU.3.052
Provide audit record reduction and report generation to support on-demand analysis and reporting. 

The following SolarWinds products meet AU.3.052 process protocol:

  • AppOptics

The following SolarWinds products support and may meet AU.3.052 protocol:

  • Loggly
  • Pingdom
  • Papertrail
  • Access Rights Manager
  • Security Event Manager
  • Patch Manager
  • Backup
  • N-able Remote Monitoring & Management
  • Network Performance Monitor
  • NetFlow Traffic Analyzer
  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • VoIP & Network Quality Manager
  • Network Automation Manager
  • Log Analyzer
  • Server & Application Monitor
  • Server Configuration Monitor
  • Storage Resource Monitor
  • Virtualization Manager
  • Web Performance Monitor
  • Service Desk

 

Configuration Management (CM)

C014 Perform configuration and change management
CM.3.067
Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems.

The following SolarWinds products meet CM.3.067 process protocol:

  • Service Desk

The following SolarWinds products support and may meet CM.3.067 protocol:

  • Patch Manager
  • N-able Remote Monitoring & Management
  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • Network Automation Manager
  • Server Configuration Monitor


CM.3.068
Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.

The following SolarWinds products support and may meet CM.3.06 protocol:

  • N-able Remote Monitoring & Management
  • Network Configuration Manager
  • IP Address Manager
  • Network Automation Manager
  • Server Configuration Monitor

 

CM.3.069
Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.

The following SolarWinds products support and may meet CM.3.069 protocol:

  • N-able Remote Monitoring & Management
  • Network Configuration Manager
  • User Device Tracker
  • Network Automation Manager

 

C015 Grant access to authenticated entities
IA.3.083
Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.

The following SolarWinds products meet IA.3.083 process protocol:

  • Dameware Remote Support
  • Dameware Remote Everywhere
  • N-able Remote Monitoring & Management
  • Network Performance Monitor
  • NetFlow Traffic Analyzer
  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • VoIP & Network Quality Manager
  • Network Automation Manager
  • Log Analyzer
  • Server & Application Monitor
  • Server Configuration Monitor
  • Storage Resource Monitor
  • Virtualization Manager
  • Web Performance Monitor

The following SolarWinds products support and may meet IA.3.083 protocol:

  • Patch Manager


C018 Develop and implement a response to a declared incident
IR.3.098
Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization.

The following SolarWinds products meet IR.3.098 process protocol:

  • AppOptics
  • Service Desk

The following SolarWinds products support and may meet IR.3.098 protocol:

  • Security Event Manager
  • Patch Manager
  • N-able Remote Monitoring & Management
  • Network Performance Monitor
  • Network Configuration Manager
  • Network Automation Manager

 

C020 Test incident response
IR.3.099
Test the organizational incident response capability.

The following SolarWinds products meet IR.3.099 process protocol:

  • Service Desk

The following SolarWinds products support and may meet IR.3.099 protocol:

  • AppOptics

 

Media Protection (MP)

C022 Identify and mark media
MP.3.122
Mark media with necessary CUI markings and distribution limitations.

The following SolarWinds products support and may meet MP.3.122 protocol:

  • Network Performance Monitor
  • Network Configuration Manager
  • User Device Tracker
  • IP Address Manager
  • Network Automation Manager
  • Service Desk

 

C023 Protect and control media
MP.3.123
Prohibit the use of portable storage devices when such devices have no identifiable owner.

The following SolarWinds products support and may meet MP.3.123 protocol:

  • Network Automation Manager
  • Server & Application Monitor
  • Server Configuration Monitor

C025 Protect media during transport
MP.3.124
Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas.

The following SolarWinds products support and may meet MP.3.124 protocol:

  • N-able Remote Monitoring & Management

 

MP.3.125
Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards.

The following SolarWinds products support and may meet MP.3.125 protocol:

  • N-able Remote Monitoring & Management

Recovery (RE)

C029 Manage backups
RE.3.139
Regularly perform complete, comprehensive, and resilient data backups as organizationally defined.

The following SolarWinds products meet RE.3.139 process protocol:

  • Backup

The following SolarWinds products support and may meet RE.3.139 protocol:

  • Dameware Remote Support
  • Dameware Remote Everywhere
  • N-able Take Control

 

Risk Management (RM)

C031 Identify and evaluate risk
RM.3.144
Periodically perform risk assessments to identify and prioritize risks according to the defined risk categories, risk sources, and risk measurement criteria.

The following SolarWinds products meet RM.3.144 process protocol:

  • Patch Manager
  • Backup
  • Network Configuration Manager
  • Network Automation Manager
  • Server Configuration Monitor 

The following SolarWinds products support and may meet RM.3.144 protocol:

  • AppOptics
  • Loggly
  • Access Rights Manager
  • Log Analyzer
  • Service Desk

 

C032 Manage risk
RM.3.146
Develop and implement risk mitigation plans.

The following SolarWinds products support and may meet RM.3.146 protocol:

  • AppOptics
  • Patch Manager
  • Network Configuration Manager
  • Network Automation Manager

 

RM.3.147
Manage non-vendor-supported products (e.g., end of life) separately and restrict as necessary to reduce risk.

The following SolarWinds products support and may meet RM.3.147 protocol:

  • Network Configuration Manager
  • Network Automation Manager
  • Server Configuration Monitor

Security Assessment (CA) 

C035 Define and manage controls
CA.3.161
Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. 

The following SolarWinds products meet CA.3.161 process protocol:

  • Loggly
  • Access Rights Manager
  • Security Event Manager
  • Patch Manager
  • N-able Remote Monitoring & Management
  • Network Configuration Manager
  • Network Automation Manager
  • Log Analyzer
  • Server Configuration Monitor

 

Below you can find links to all products mentioned by category:

Network Monitoring and Management

Systems Monitoring and Management

Database Performance Monitoring

IT Security

IT Service Management

Application Performance Management

Managed Service Providers

Anonymous