2.0

CMMC 2.0 AC.3.022 Encrypt CUI on mobile devices and mobile computing platforms.
Level 2 Description: Organizations can employ full-device encryption or container-based encryption to protect the confidentiality of CUI on mobile de...
Mon, 17 Jul, 2023 at 5:18 AM
CMMC 2.0 AC.2.006 Limit use of portable storage devices on external systems.
Level 2 Description: Limits on the use of organization-controlled portable storage devices in external systems include complete prohibition of the us...
Mon, 17 Jul, 2023 at 5:27 AM
CMMC 2.0 AT.2.056 Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to t
Level 2 Description: Organizations determine the content and frequency of security awareness training and security awareness techniques based on the s...
Mon, 17 Jul, 2023 at 5:43 AM
CMMC 2.0 AT.2.057 Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities.
Level 2 Description: Organizations determine the content and frequency of security training based on the assigned duties, roles, and responsibilities o...
Mon, 17 Jul, 2023 at 5:55 AM
CMMC 2.0 AT.3.058 Provide security awareness training on recognizing and reporting potential indicators of insider threat.
Level 2 Description: Potential indicators and possible precursors of insider threat include behaviors such as inordinate, long-term job dissatisfaction...
Mon, 17 Jul, 2023 at 6:05 AM
CMMC 2.0 SI.2.217 Identify unauthorized use of organizational systems.
Level 2 Description: System monitoring includes external and internal monitoring. System monitoring can detect unauthorized use of organizational syste...
Mon, 17 Jul, 2023 at 8:38 AM
CMMC 2.0 SI.2.216 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.
Level 2 Description: System monitoring includes external and internal monitoring. External monitoring includes the observation of events occurring at the ...
Mon, 17 Jul, 2023 at 8:39 AM
CMMC 2.0 AU.2.042 Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
Level 2 Description: An event is any observable occurrence in a system, which includes unlawful or unauthorized system activity. Organizations identify...
Mon, 17 Jul, 2023 at 7:04 AM
CMMC 2.0 SI.2.214 Monitor system security alerts and advisories and take action in response.
Level 2 Description: Periodic scans of organizational systems and real-time scans of files from external sources can detect malicious code. Malicious c...
Mon, 17 Jul, 2023 at 8:43 AM
CMMC 2.0 AU.2.041 Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions.
Level 2 Description: This requirement ensures that the contents of the audit record include the information needed to link the audit event to the actio...
Mon, 17 Jul, 2023 at 7:18 AM