CMMC Practice CA.L2-3.12.2 – Plan of Action: Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems. Links to Publicly Available Resources Centers for Medicare & Medicaid...
CMMC Practice CA.L2-3.12.1 – Security Control Assessment: Periodically assess the security controls in organizational systems to determine if the controls are effective in their application. Links to Publicly Available Resources CMMC Level 2 Assessment Guide...
CMMC Practice CA.L2-3.12.4 – System Security Plan: Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or...
CMMC Practice RA.L2-3.11.3 – Vulnerability Remediation: Remediate vulnerabilities in accordance with risk assessments. Links to Publicly Available Resources BrightTALK – Is Your Vulnerability Management Program Vulnerable? In this two part webinar from...
CMMC Practice RA.L2-3.11.2 – Vulnerability Scan: Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. Links to Publicly Available Resources Assured...
CMMC Practice RA.L2-3.11.1 – Risk Assessments: Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the...
CMMC Practice MP.L2-3.8.9 – Protect Backups: Protect the confidentiality of backup CUI at storage locations. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment guidance for conducting Cybersecurity Maturity...
CMMC Practice PE.L2-3.10.6 – Alternative Work Sites: Enforce safeguarding measures for CUI at alternate work sites. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment guidance for conducting Cybersecurity...
CMMC Practice PE.L2-3.10.2 – Monitor Facility: Protect and monitor the physical facility and support infrastructure for organizational systems. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment guidance for...
CMMC Practice PE.L1-3.10.5 – Manage Physical Access: Control and manage physical access devices. Links to Publicly Available Resources CMMC Level 1 Assessment Guide This document provides assessment guidance for Level 1 of the Cybersecurity Maturity Model...
