2.0

CMMC 2.0 AU.3.049 Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
Level 2 Description: Audit information includes all information (e.g., audit records, audit log settings, and audit reports) needed to successfully aud...
Mon, 17 Jul, 2023 at 9:02 AM
CMMC 2.0 AU.3.050 Limit management of audit logging functionality to a subset of privileged users.
Level 2 Description: Individuals with privileged access to a system and who are also the subject of an audit by that system may affect the reliability ...
Mon, 17 Jul, 2023 at 9:13 AM
CMMC 2.0 CM.2.061 Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
Level 2 Description: Baseline configurations are documented, formally reviewed, and agreed-upon specifications for systems or configuration items withi...
Tue, 18 Jul, 2023 at 10:39 PM
CMMC 2.0 CM.2.064 Establish and enforce security configuration settings for information technology products employed in organizational systems.
Level 2 Description: Configuration settings are the set of parameters that can be changed in hardware, software, or firmware components of the system t...
Tue, 18 Jul, 2023 at 10:52 PM
CMMC 2.0 CM.2.065 Track, review, approve or disapprove, and log changes to organizational systems.
Level 2 Description: Tracking, reviewing, approving/disapproving, and logging changes is called configuration change control. Configuration change cont...
Tue, 18 Jul, 2023 at 11:04 PM
CMMC 2.0 CM.2.066 Analyze the security impact of changes prior to implementation.
Level 2 Description: Organizational personnel with information security responsibilities (e.g., system administrators, system security officers, system...
Tue, 18 Jul, 2023 at 11:13 PM
CMMC 2.0 CM.3.067 Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems.
Level 2 Description: Any changes to the hardware, software, or firmware components of systems can potentially have significant effects on the overall s...
Tue, 18 Jul, 2023 at 11:24 PM
CMMC 2.0 CM.2.062 Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.
Level 2 Description: Systems can provide a wide variety of functions and services. Some of the functions and services routinely provided by default, ma...
Tue, 18 Jul, 2023 at 11:37 PM
CMMC 2.0 CM.3.068 Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.
Level 2 Description: Restricting the use of nonessential software (programs) includes restricting the roles allowed to approve program execution; prohi...
Tue, 18 Jul, 2023 at 11:47 PM
CMMC 2.0 CM.3.069 Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.
Level 2 Description: The process used to identify software programs that are not authorized to execute on systems is commonly referred to as blacklisti...
Tue, 18 Jul, 2023 at 11:57 PM