CMMC Practice CM.L2-3.4.9 – User-Installed Software: Control and monitor user-installed software. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment guidance for conducting Cybersecurity Maturity Model...
CMMC Practice CM.L2-3.4.6 – Least Functionality: Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities. Links to Publicly Available Resources Canadian Centre for Cyber Security – Guidance...
CMMC Practice CM.L2-3.4.1 – System Baselining: Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. Links to...
CMMC Practice AT.L2-3.2.3 – Insider Threat Awareness: Provide security awareness training on recognizing and reporting potential indicators of insider threat. Links to Publicly Available Resources Carnegie Mellon University – Effective Insider Threat...
CMMC Practice AT.L2-3.2.2 – Role-Based Training: Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides...
CMMC Practice AT.L2-3.2.1 – Role-Based Risk Awareness: Ensure that managers, system administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and...
