2.0

CMMC 2.0 IA.2.081Store and transmit only cryptographically-protected passwords.
Level 2 Description: Cryptographically-protected passwords use salted one-way cryptographic hashes of passwords. See [NIST CRYPTO].  Priority: High...
Wed, 19 Jul, 2023 at 4:41 AM
CMMC 2.0 IA.2.082 Obscure feedback of authentication information.
Level 2 Description: The feedback from systems does not provide any information that would allow unauthorized individuals to compromise authentication ...
Wed, 19 Jul, 2023 at 4:53 AM
CMMC 2.0 IR.2.092 Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.
Level 2 Description:  Organizations recognize that incident handling capability is dependent on the capabilities of organizational systems and the miss...
Mon, 24 Jul, 2023 at 6:33 AM
CMMC 2.0 MP.2.121 Control the use of removable media on system components.
Level 2 Description:   In contrast to requirement 3.8., which restricts user access to media, this requirement restricts the use of certain types of media...
Mon, 24 Jul, 2023 at 7:27 AM
CMMC 2.0 MP.3.123 Prohibit the use of portable storage devices when such devices have no identifiable owner.
Level 2 Description:    Requiring identifiable owners (e.g., individuals, organizations, or projects) for portable storage devices reduces the overall ris...
Mon, 24 Jul, 2023 at 7:43 AM
CMMC 2.0 RE.2.138 Protect the confidentiality of backup CUI at storage locations.
Level 2 Description:    Organizations can employ cryptographic mechanisms or alternative physical controls to protect the confidentiality of backup inform...
Mon, 24 Jul, 2023 at 7:55 AM
CMMC 2.0 PS.2.127 Screen individuals prior to authorizing access to organizational systems containing CUI.
Description:    Personnel security screening (vetting) activities involve the evaluation/assessment of individual’s conduct, integrity, judgment, loyalty, ...
Mon, 24 Jul, 2023 at 8:04 AM
CMMC 2.0 PS.2.128 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers.
Level 2 Description:    Protecting CUI during and after personnel actions may include returning system-related property and conducting exit interviews. Sy...
Mon, 24 Jul, 2023 at 8:14 AM
CMMC 2.0 PE.1.131 Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.
Level 1 Description:    This requirement applies to employees, individuals with permanent physical access authorization credentials, and visitors. Authori...
Mon, 24 Jul, 2023 at 8:24 AM
CMMC 2.0 PE.1.132 Escort visitors and monitor visitor activity.
Level 1 Description:    Individuals with permanent physical access authorization credentials are not considered visitors. Audit logs can be used to monito...
Mon, 24 Jul, 2023 at 8:38 AM