2.0

CMMC 2.0 CA.2.157 Develop, document, and periodically update system security plans that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to ot
Level 2 Description:    System security plans relate security requirements to a set of security controls. System security plans also describe, at a high l...
Tue, 25 Jul, 2023 at 8:46 AM
CMMC 2.0 SC.1.175 Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information system
Level  1 Description:    Communications can be monitored, controlled, and protected at boundary components and by restricting or prohibiting interfaces in...
Tue, 25 Jul, 2023 at 9:06 AM
CMMC 2.0 SC.1.176 Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
Level 1 Description:    Subnetworks that are physically or logically separated from internal networks are referred to as demilitarized zones (DMZs). DMZs ...
Tue, 25 Jul, 2023 at 9:26 AM
CMMC 2.0 SC.3.180 Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.
Level 2 Description:    Organizations apply systems security engineering principles to new development systems or systems undergoing major upgrades. For l...
Wed, 26 Jul, 2023 at 7:39 AM
CMMC 2.0 SC.3.181 Separate user functionality from system management functionality.
Level 2 Description:    System management functionality includes functions necessary to administer databases, network components, workstations, or servers...
Wed, 26 Jul, 2023 at 7:51 AM
CMMC 2.0 SC.3.182 Prevent unauthorized and unintended information transfer via shared system resources.
Level 2 Description:    The control of information in shared system resources (e.g., registers, cache memory, main memory, hard disks) is also commonly re...
Wed, 26 Jul, 2023 at 8:05 AM
CMMC 2.0 SC.3.183 Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
Level 1 Description: This requirement applies to inbound and outbound network communications traffic at the system boundary and at identified points with...
Wed, 26 Jul, 2023 at 8:25 AM
CMMC 2.0 SC.3.184 Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).
Level 2 Description: Split tunneling might be desirable by remote users to communicate with local system resources such as printers or file servers. Howev...
Wed, 26 Jul, 2023 at 8:34 AM
CMMC 2.0 SC.3.185 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards.
Level 2 Description: This requirement applies to internal and external networks and any system components that can transmit information including servers,...
Wed, 26 Jul, 2023 at 8:41 AM
CMMC 2.0 SC.3.186 Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.
Level 2 Description: This requirement applies to internal and external networks. Terminating network connections associated with communications sessions i...
Wed, 26 Jul, 2023 at 8:49 AM