2.0

CMMC 2.0 AC.1.001 Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems)
Level 1 Description: Access control policies (e.g., identity- or role-based policies, control matrices, and cryptography) control access between active...
Fri, 14 Jul, 2023 at 4:27 AM
CMMC 2.0 AC.1.002 Limit system access to the types of transactions and functions that authorized users are permitted to execute.
Level 1 Description: Organizations may choose to define access privileges or other attributes by account, by type of account, or a combination of both....
Fri, 14 Jul, 2023 at 6:53 AM
CMMC 2.0 AC.1.003 Verify and control/limit connections to and use of external information systems.
Level 1 Description: External systems are systems or components of systems for which organizations typically have no direct supervision and authority o...
Fri, 14 Jul, 2023 at 6:56 AM
CMMC 2.0 AC.1.004 Control Public Information Control information posted or processed on publicly accessible information systems.
Level 1 Description: In accordance with laws, Executive Orders, directives, policies, regulations, or standards, the public is not authorized access to...
Fri, 14 Jul, 2023 at 7:11 AM
CMMC 2.0 AC.2.016 Control CUI Flow Control the flow of CUI in accordance with approved authorizations.
Level 2 Description: Information flow control regulates where information can travel within a system and between systems (versus who can access the infor...
Fri, 14 Jul, 2023 at 7:33 AM
CMMC 2.0 AC.3.017 Separation of Duties Separate the duties of individuals to reduce the risk of malevolent activity without collusion.
Level 2 Description: Separation of duties addresses the potential for abuse of authorized privileges and helps to reduce the risk of malevolent activit...
Fri, 14 Jul, 2023 at 8:07 AM
CMMC 2.0 AC.2.007 Employ the principle of least privilege, including for specific security functions and privileged accounts.
Level 2 Description: Organizations employ the principle of least privilege for specific duties and authorized accesses for users and processes. The pri...
Fri, 14 Jul, 2023 at 8:05 AM
CMMC 2.0 AC.2.008 Use non-privileged accounts or roles when accessing nonsecurity functions.
Level 2 Description: This requirement limits exposure when operating from within privileged accounts or roles. The inclusion of roles addresses situati...
Fri, 14 Jul, 2023 at 8:37 AM
CMMC 2.0 AC.3.018 Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.
Level 2 Description: Privileged functions include establishing system accounts, performing system integrity checks, conducting patching operations, or ...
Fri, 14 Jul, 2023 at 8:52 AM
CMMC 2.0 AC.2.009 Limit unsuccessful logon attempts.
Level 2 Description: This requirement applies regardless of whether the logon occurs via a local or network connection.  Due to the potential for denia...
Fri, 14 Jul, 2023 at 9:15 AM