CMMC Practice AC.L2-3.1.7 – Privileged Functions: Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document...
CMMC Practice AC.L2-3.1.4 – Separation of Duties: Separate the duties of individuals to reduce the risk of malevolent activity without collusion. Links to Publicly Available Resources Brookhaven National Laboratory – Example Separation of Duties Policy...
CMMC Practice AC.L2-3.1.3 – Control CUI Flow: Control the flow of CUI in accordance with approved authorizations. Links to Publicly Available Resources Boston University – Data Lifecycle Management Policy This Boston University guidance defines the...
CMMC Level 1 CMMC Level 2 CMMC Level 3 CMMC Level 3 Practices: ExpertLevel 3 will be based on a subset of NIST SP 800-172 requirements. Details will be released at a later date. CMMC Level...
CMMC Level 1 CMMC Level 2 CMMC Level 3 CMMC Level 1 Level 1 focuses on the protection of FCI and consists of only practices that correspond to the basic safeguarding requirements specified in 48 CFR 52.204-21, commonly referred to as the FAR Clause Level 1 Scoping...
CMMC Practice AC.L1-3.1.22 – Control Public Information: Control information posted or processed on publicly accessible information systems. Links to Publicly Available Resources Carnegie Mellon University Information Security Office – Guidelines for Data...
