SI - System & Information Integrity Domain Notes
CMMC Domain: SI (System & Information Integrity)
NIST 800-171 Family: 3.14.x
General Notes
Endpoint Detection & Response (EDR)
- EDR is the primary technical control for malware protection (SI.L2-3.14.2)
- Huntress - mentioned multiple times in community; used alongside PreVeil + Fortigate setups
- Microsoft Defender - native to GCC High environments; covers many SI controls through inheritance
- CrowdStrike, SentinelOne - enterprise options mentioned
Patch Management / Flaw Remediation (SI.L2-3.14.4 / 3.14.5)
- Intune used for patch management in M365 GCC High environments
- Must document patching cadence and procedures
- Linux patching needs separate consideration: approved repos + documented process
- IoT/specialized assets: may need manual patching procedures documented
Antivirus / Malware Scanning
- Microsoft Defender Antivirus (built into Windows/M365) satisfies basic requirements for GCC High orgs
- Ensure it's configured via Intune policy, not just default settings
- Real-time scanning must be enabled and documented
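Added example (not from the notes, the community posts, or Microsoft): a PowerShell evidence check for the Defender points above, confirming that real-time scanning is on, signatures are current, and the setting is enforced by Intune or GPO rather than left at local defaults. It assumes the Defender module cmdlets Get-MpComputerStatus and Get-MpPreference are available, and the two registry paths, the function name, the 7-day signature threshold and the CSV path are my own assumptions and choices.

```powershell
# Added example: collect Defender AV evidence on one Windows endpoint for SI.L2-3.14.2.
# Assumptions: Defender PowerShell module present (Get-MpComputerStatus, Get-MpPreference);
# the two registry paths are where the Intune Defender CSP and Group Policy are expected to
# write the real-time monitoring setting (verify them in your own tenant before relying on them).

function Get-DefenderSiEvidence {
    param([int]$MaxSignatureAgeDays = 7)   # threshold is a local choice, not a CMMC value

    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # Determine whether the real-time setting is policy-managed or only a local default.
    $mdmPath = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Defender'   # assumed CSP path
    $gpoPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
    $source  = 'Local default'
    $gpo = Get-ItemProperty -Path $gpoPath -ErrorAction SilentlyContinue
    if (($null -ne $gpo) -and ($null -ne $gpo.DisableRealtimeMonitoring)) { $source = 'Group Policy' }
    $mdm = Get-ItemProperty -Path $mdmPath -ErrorAction SilentlyContinue
    if (($null -ne $mdm) -and ($null -ne $mdm.AllowRealtimeMonitoring)) { $source = 'Intune (MDM CSP)' }

    $sigAge = (New-TimeSpan -Start $status.AntivirusSignatureLastUpdated -End (Get-Date)).Days

    # Each failed check becomes a finding the SSP owner has to act on.
    $findings = @()
    if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus engine disabled' }
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection off' }
    if ($pref.DisableRealtimeMonitoring)        { $findings += 'DisableRealtimeMonitoring preference set' }
    if ($sigAge -gt $MaxSignatureAgeDays)       { $findings += "Signatures $sigAge days old" }
    if ($source -eq 'Local default')            { $findings += 'Setting not enforced by Intune/GPO' }

    [pscustomobject]@{
        Computer                  = $env:COMPUTERNAME
        CollectedUtc              = (Get-Date).ToUniversalTime().ToString('s')
        AntivirusEnabled          = $status.AntivirusEnabled
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        RunningMode               = $status.AMRunningMode
        SignatureAgeDays          = $sigAge
        LastFullScanEnd           = $status.FullScanEndTime
        SettingSource             = $source
        Compliant                 = ($findings.Count -eq 0)
        Findings                  = ($findings -join '; ')
    }
}

# Usage: show on screen, then append to a CSV kept as control evidence (path is a placeholder).
$evidence = Get-DefenderSiEvidence
$evidence | Format-List
$evidence | Export-Csv -Path "$env:ProgramData\si-defender-evidence.csv" -NoTypeInformation -Append
```

Run it from an Intune remediation script or a scheduled task so the CSV builds up a dated record of the control staying in place, not just a one-time snapshot.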
Security Alerts / Monitoring
- SIEM integration (see AU.md) covers logging side
- SI requires not just logging but acting on alerts
- Document your alert response procedures: what happens when Defender/EDR fires?
- Automated responses via Power Automate mentioned in community
Continuous Monitoring
- Per Rev3 Memo, ODPs (organization-defined parameters) can be simplified: "keep your ODPs simple"
- Ticket counts drop ~30% post-audit when controls are implemented correctly
- Recurring tasks largely automated: alerting + Power Automate
- Source: cmmclevel1000 comment in megathread
Related Posts
- ThreatLocker + Network Stack Advice - 2026-02-15 (CM/SI overlap)
- Continuous Monitoring MSP status - 2026-03-06