AC.L2-3.1.11 Session Termination

CMMC Practice AC.L2-3.1.11 – Session Termination: Terminate (automatically) user sessions after a defined condition. Links to Publicly Available Resources: Apple – Set your Mac to log out when not in use. This article shows the actual configuration that...

AC.L2-3.1.7 Privileged Functions

CMMC Practice AC.L2-3.1.7 – Privileged Functions: Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. Links to Publicly Available Resources: CMMC Level 2 Assessment Guide. This document...

AC.L2-3.1.4 Separation of Duties

CMMC Practice AC.L2-3.1.4 – Separation of Duties: Separate the duties of individuals to reduce the risk of malevolent activity without collusion. Links to Publicly Available Resources: Brookhaven National Laboratory – Example Separation of Duties Policy...

AC.L2-3.1.3 Control CUI Flow

CMMC Practice AC.L2-3.1.3 – Control CUI Flow: Control the flow of CUI in accordance with approved authorizations. Links to Publicly Available Resources: Boston University – Data Lifecycle Management Policy. This Boston University guidance defines the...

CMMC Level 3

CMMC Level 3 Practices: Expert. Level 3 will be based on a subset of NIST SP 800-172 requirements. Details will be released at a later date. Level 3 Scoping Guidance. Level 3 Assessment Guide. CMMC Level...

CMMC Level 1

CMMC Level 1: Level 1 focuses on the protection of FCI and consists of only practices that correspond to the basic safeguarding requirements specified in 48 CFR 52.204-21, commonly referred to as the FAR Clause. Level 1 Scoping...

AC.L1-3.1.22 Control Public Information

CMMC Practice AC.L1-3.1.22 – Control Public Information: Control information posted or processed on publicly accessible information systems. Links to Publicly Available Resources: Carnegie Mellon University Information Security Office – Guidelines for Data...

AC.L1-3.1.20 External Connections

CMMC Practice AC.L1-3.1.20 – External Connections: Verify and control/limit connections to and use of external information systems. Links to Publicly Available Resources: CMMC Level 1 Assessment Guide. This document provides assessment guidance for conducting...

AC.L1-3.1.2 Transaction & Function Control

CMMC Practice AC.L1-3.1.2 – Transaction & Function Control: Limit information system access to the types of transactions and functions that authorized users are permitted to execute. Links to Publicly Available Resources: Boston University – Identity...

AC.L1-3.1.1 Authorized Access Control

CMMC Practice AC.L1-3.1.1 – Authorized Access Control: Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). Links to Publicly Available Resources: Boston University...