CMMC Practice SC.L2-3.13.6 – Network Communication by Exception: Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). Links to Publicly Available Resources Cisco – CLI...
CMMC Practice SC.L2-3.13.4 – Shared Resource Control: Prevent unauthorized and unintended information transfer via shared system resources. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment guidance for...
CMMC Practice SC.L2-3.13.3 – Role Separation: Separate user functionality from system management functionality. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment guidance for conducting Cybersecurity Maturity...
CMMC Practice SC.L2-3.13.2 – Security Engineering: Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. Links to Publicly Available Resources...
CMMC Practice SC.L2-3.13.11 – CUI Encryption: Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment guidance for conducting...
CMMC Practice SC.L2-3.13.12 – Collaborative Device Control: Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device. Links to Publicly Available Resources Cloudwards – How to...
CMMC Practice SC.L1-3.13.5 – Public-Access System Separation: Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. Links to Publicly Available Resources CMMC Level 1 Assessment Guide...
CMMC Practice SC.L1-3.13.1 – Boundary Protection: Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the...
CMMC Practice SA.3.169: Receive and respond to cyber threat intelligence from information sharing forums and sources and communicate to stakeholders. Links to Publicly Available Resources Boston University – Identity and Access Management Policy A sample...
CMMC Practice CA.L2-3.12.3 – Security Control Monitoring: Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment...
