In our first CMMC Practice session we reviewed the Level 1 Practices within the Access Control (AC) Domain. Switching our CMMC practice focus from Federal Contract Information (FCI) to Controlled Unclassified Information (CUI), in this session we take a more in-depth look at the CMMC Level 2 practices within the AC domain.
This session will take a look at the CMMC AC domain practices that focus on network and device access control:
• AC.L2-3.1.3 – Control the flow of CUI in accordance with approved authorizations.
• AC.L2-3.1.12 – Monitor and control remote access sessions.
• AC.L2-3.1.14 – Route remote access via managed access control points.
• AC.L2-3.1.16 – Authorize wireless access prior to allowing such connections.
• AC.L2-3.1.18 – Control connection of mobile devices.
• AC.L2-3.1.21 – Limit use of portable storage devices on external systems.
We will also take to time to talk about the “CUI” requirements for the AC Level 1 practices:
• AC.L1-3.1.20 – Verify and control/limit connections to and use of external information systems.
Whether you are a subcontractor or prime contractor directly with the Department of Defense, you don’t want to miss this session of the CMMC AC domain practices as we get more in-depth on our implementation discussions. Still have questions? Check out our blogs, sign up for CMMC Training, email us directly.
Ready to start checking your compliance Readiness? Monarch’s Security Catapult is a CMMC self-assessment tool to prepare you for a CMMC assessment.
Security Catapult:
Security Catapult was created by authorized CMMC assessors, DoD industry consultants and cybersecurity specialists precisely for Department of Defense contractors.
We’ve transformed reaching your CMMC goals into a logical and collaborative step-by-step process. Whether you are at CMMC Level 1 or 2, and regardless of the size of your organization, the Security Catapult takes the mystery and complexity out of preparing for your audit.