When assessing SI.

Cyber AB CMMC-CCP Question Answer

When assessing SI.L1-3.14.2: Provide protection from malicious code at appropriate locations within organizational information systems, evidence shows that all of the OSC's workstations and servers have antivirus software installed for malicious code protection. A centralized console for the antivirus software management is in place and records show that all devices have received the most updated antivirus patterns. What is the BEST determination that the Lead Assessor should reach regarding the evidence?

It is sufficient, and the audit finding can be rated as MET.

It is insufficient, and the audit finding can be rated NOT MET.

It is sufficient, and the Lead Assessor should seek more evidence.

It is insufficient, and the Lead Assessor should seek more evidence.

Explanation:

Understanding SI.L1-3.14.2: Provide Protection from Malicious CodeThe CMMC Level 1 practiceSI.L1-3.14.2is based onNIST SP 800-171 Requirement 3.14.2, which requires organizations to:

Implement malicious code protection(e.g., antivirus, endpoint security software).

Ensure coverage across all appropriate locations(e.g., workstations, servers, network entry points).

Keep protection mechanisms updated(e.g., regular signature updates, policy enforcement).

Assessment Criteria for a "MET" Rating:To determine whether the practice isMET, the Lead Assessor must confirm that:

✔Antivirus or endpoint protection software is installedon all workstations and servers.

✔The solution is centrally managed, ensuring consistent policy enforcement.

✔Signature updates are current, meaning systems are protected against new threats.

✔Logs or reports demonstrate active monitoring and updates.

Why is the Correct Answer "A. It is sufficient, and the audit finding can be rated as MET"?The provided evidenceconfirms all necessary requirementsfor SI.L1-3.14.2:

✔All workstations and servers have antivirus installed→Meets installation requirement.

✔A centralized management console is in place→Ensures consistent enforcement.

✔Records show antivirus signatures are up to date→Confirms system protection is current.

Because the evidencemeets the requirement, the practice should berated as MET.

B. It is insufficient, and the audit finding can be rated NOT MET → Incorrect

The evidence providedmeets all necessary requirements, so the practiceshould not be rated as NOT MET.

C. It is sufficient, and the Lead Assessor should seek more evidence → Incorrect

Ifadequate evidence already exists,additional evidence is unnecessary.

D. It is insufficient, and the Lead Assessor should seek more evidence → Incorrect

The evidence providedmeets the control requirements, making itsufficient.

Why Are the Other Answers Incorrect?

CMMC Assessment Process (CAP) Document

Specifies that a practice can be marked asMET if sufficient evidence is provided.

NIST SP 800-171 (Requirement 3.14.2)

Defines the standard formalicious code protection, which ismet by antivirus with active updates.

CMMC 2.0 Level 1 (Foundational) Requirements

Clarifies that basic cybersecurity measures likeantivirus installation and updatesmeet compliance forSI.L1-3.14.2.

CMMC 2.0 References Supporting This Answer:

Final Answer:✔A. It is sufficient, and the audit finding can be rated as MET.

CMMC-CCP PDF/Engine

Printable Format
Value of Money
100% Pass Assurance
Verified Answers
Researched by Industry Experts
Based on Real Exams Scenarios
100% Real Questions

Get 60% Discount on All Products, Use Coupon: "8w52ceb345"

Who makes the final determination of the assessment method used for each practice?

A contractor stores security policies, system configuration files, and audit logs in a centralized file...

Winter Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 8w52ceb345

When assessing SI.

The Answer Is:

Explanation:

Quick Links