SC.4.197 Employ physical and logical isolation techniques in the system and security architecture and/or where deemed appropriate by the organization.

CMMC Practice SC.4.197: Employ physical and logical isolation techniques in the system and security architecture and/or where deemed appropriate by the organization.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Where the organization deems appropriate they will physically or logically isolate systems containing or processing CUI data from other systems supporting non-CUI business operations. Access controls are implemented to prevent non-authorized users from accessing the networks containing systems hosting and processing CUI information.