|AC.L1-b.1.i||1||Access Control||Authorized Access Control (FCI)|
Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
|AC.L1-b.1.ii||1||Access Control||Transaction & Function Control (FCI)|
Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
|AC.L1-b.1.iii||1||Access Control||External Connections (FCI)|
Verify and control/limit connections to and use of external information systems.
|AC.L1-b.1.iv||1||Access Control||Control Public Information (FCI)|
Control information posted or processed on publicly accessible information systems.
|IA.L1-b.1.v||1||Identification and Authentication||Identification (FCI)|
Identify information system users, processes acting on behalf of users, or devices.
|IA.L1-b.1.vi||1||Identification and Authentication||Authentication (FCI)|
Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
|MP.L1-b.1.vii||1||Media Protection||Media Disposal (FCI)|
Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.
|PE.L1-b.1.ix||1||Physical Protection||Manage Visitors & Physical Access (FCI)|
Escort visitors and monitor visitor activity; maintain audit logs of physical access; and control and manage physical access devices.
|PE.L1-b.1.viii||1||Personnel Security||Limit Physical Access (FCI)|
Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.
|SC.L1-b.1.x||1||System and Communications Protection||Boundary Protection (FCI)|
Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
|SC.L1-b.1.xi||1||System and Communications Protection||Public-Access System Separation (FCI)|
Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
|SI.L1-b.1.xii||1||System and Information Integrity||Flaw Remediation (FCI)|
Identify, report, and correct information and information system flaws in a timely manner.
|SI.L1-b.1.xiii||1||System and Information Integrity||Malicious Code Protection (FCI)|
Provide protection from malicious code at appropriate locations within organizational information systems.
|SI.L1-b.1.xiv||1||Access Control||Update Malicious Code Protection (FCI)|
Update malicious code protection mechanisms when new releases are available.
|SI.L1-b.1.xv||1||System and Information Integrity||System & File Scanning (FCI)|
Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.