Indicator of Compromise (IOC)

An Indicator of Compromise (IOC) is a piece of forensic evidence that suggests a system or network has been breached. IOCs include suspicious IP addresses, unusual file hashes, malicious domain names, unexpected registry changes, abnormal network traffic patterns, and other artifacts that indicate malicious activity has occurred.

Security teams use IOCs to detect breaches, investigate incidents, and hunt for threats in their environment. Sharing IOCs between organizations — through threat intelligence feeds and information sharing communities — helps everyone detect threats faster.
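How IOC data is put to use in monitoring, as an added example that is not part of the original page: a small matcher that checks constructed log lines against a constructed IOC set covering three of the indicator types named above (IP address, domain name, SHA-256 file hash). Every indicator value and log line here is made up for illustration.

```python
import re

# Constructed IOC set, one entry per indicator type; these are not real indicators.
IOCS = {
    "ip": {"203.0.113.45"},              # documentation range address, constructed
    "domain": {"bad-updates.example"},   # subdomains of an IOC domain also count
    "sha256": {"a" * 64},                # placeholder hash value
}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)

def domain_matches(host, iocs):
    """True if host equals an IOC domain or is a subdomain of one.
    The leading dot in the suffix check keeps 'notbad-updates.example'
    from matching 'bad-updates.example'."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)

def scan_line(line):
    """Return a list of (ioc_type, value) hits found in one log line."""
    hits = []
    for ip in IP_RE.findall(line):
        if ip in IOCS["ip"]:
            hits.append(("ip", ip))
    for host in HOST_RE.findall(line):
        if domain_matches(host, IOCS["domain"]):
            hits.append(("domain", host.lower()))
    for h in SHA256_RE.findall(line):        # hashes are compared case-insensitively
        if h.lower() in IOCS["sha256"]:
            hits.append(("sha256", h.lower()))
    return hits

def scan_log(lines):
    """Return {line_number: hits} for every line that matches at least one IOC."""
    result = {}
    for n, line in enumerate(lines, 1):
        hits = scan_line(line)
        if hits:
            result[n] = hits
    return result

# Constructed sample log lines in proxy, DNS and endpoint-agent style.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z proxy src=10.0.0.7 dst=203.0.113.45 host=cdn.bad-updates.example GET /u.bin",
    "2024-05-01T10:00:02Z dns query=www.example.com rcode=NOERROR",
    "2024-05-01T10:00:03Z edr file=C:\\Users\\a\\u.bin sha256=" + "A" * 64 + " action=created",
]

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))   # lines 1 and 3 match; line 2 is clean
```

A real deployment would load the IOC set from a threat intelligence feed and run the same matching inside the SIEM or log pipeline rather than over a list in memory.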

Why It Matters

The ability to detect and respond to IOCs is part of the monitoring and incident response capabilities CMMC requires. Feeding IOC data from threat intelligence feeds into your security monitoring improves your ability to detect compromises early.