Background
Michael Scott Paper Company is a small business providing paper and associated products. One of their sales team members, Ryan Howard, developed a web application allowing clients to upload files which are then printed on demand and shipped to the client in whatever volume they choose. This web application has drawn the interest of a US Federal agency, a massive opportunity for the small company. Before the agency can sign a contract with the Michael Scott Paper Company they have asked for the company to complete a self assessment of the web application and the system it resides on to confirm that it meets CMMC 2.0 Level 1 requirements.
Your newly formed team of 4 has been tasked with reviewing the Michael Scott Paper Company web application and supporting documentation to determine if they meet CMMC 2.0 Level 1 requirements or identifying what gaps exist in their environment and outline your recommendations for improvement.
The Web Application
The Michael Scott Paper Company has provided you with a cloned virtual machine with their app and all system settings as they are configured in production so you can conduct your assessment. Since you may need to login to the system to check configuration settings or view log files they have created an account for you to login for your review.
The Deliverable
Review the web application, the system it runs on, and supporting documentation and determine if it meets the CMMC 2.0 Level 1 requirements ONLY for the following Three sections:
SI.L1-3.14.2 – MALICIOUS CODE PROTECTION
SI.L1-3.14.4 – UPDATE MALICIOUS CODE PROTECTION
SI.L1-3.14.5 – SYSTEM & FILE SCANNING
If so, document your reasoning as to why they meet each requirement, 3 in all. If not, document the gaps that exist in their environment that need to be addressed before they meet all CMMC 2.0 Level 1 requirements.
VM