2.0

CMMC 2.0 PE.1.133 Maintain audit logs of physical access.
Level 2 Description:    Organizations have flexibility in the types of audit logs employed. Audit logs can be procedural (e.g., a written log of individua...
Mon, 24 Jul, 2023 at 8:44 AM
CMMC 2.0 PE.1.134 Control and manage physical access devices.
Level 1 Description:    Physical access devices include keys, locks, combinations, and card readers.  Priority: High Domain:  PHYSICAL PROTECTION (PE...
Mon, 24 Jul, 2023 at 8:55 AM
CMMC 2.0 PE.2.135 Protect and monitor the physical facility and support infrastructure for organizational systems.
Level 2 Description:    Monitoring of physical access includes publicly accessible areas within organizational facilities. This can be accomplished, for ...
Mon, 24 Jul, 2023 at 9:05 AM
CMMC 2.0 PE.3.136 Enforce safeguarding measures for CUI at alternate work sites.
Level 2 Description:    Alternate work sites may include government facilities or the private residences of employees. Organizations may define different ...
Mon, 24 Jul, 2023 at 9:14 AM
CMMC 2.0 RM.2.141 Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associa
Level 2 Description:    Clearly defined system boundaries are a prerequisite for effective risk assessments. Such risk assessments consider threats, vulne...
Mon, 24 Jul, 2023 at 9:23 AM
CMMC 2.0 RM.2.142 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.
Level 1 Description:    Organizations determine the required vulnerability scanning for all system components, ensuring that potential sources of vulnerab...
Tue, 25 Jul, 2023 at 4:37 AM
CMMC 2.0 RM.2.143 Remediate vulnerabilities in accordance with risk assessments.
Level 2 Description:    Vulnerabilities discovered, for example, via the scanning conducted in response to 3..2, are remediated with consideration of the ...
Tue, 25 Jul, 2023 at 5:43 AM
CMMC 2.0 CA.2.158 Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.
Level 2 Description:   Organizations assess security controls in organizational systems and the environments in which those systems operate as part of the...
Tue, 25 Jul, 2023 at 5:59 AM
CMMC 2.0 CA.2.159 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.
Level 2 Description:   The plan of action is a key document in the information security program. Organizations develop plans of action that describe how a...
Tue, 25 Jul, 2023 at 6:24 AM
CMMC 2.0 CA.3.161 Monitor security controls on an ongoing basis to ensure the continued effectiveness of the controls.
Level 2 Description:    Continuous monitoring programs facilitate ongoing awareness of threats, vulnerabilities, and information security to support organ...
Tue, 25 Jul, 2023 at 6:55 AM