Search
Domain
CMMC Level
| ID | Level | Domain | Title | Requirement |
|---|---|---|---|---|
| AC.L1-b.1.i | 1 | Access Control | Authorized Access Control (FCI) | Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). |
| AC.L1-b.1.ii | 1 | Access Control | Transaction & Function Control (FCI) | Limit information system access to the types of transactions and functions that authorized users are permitted to execute. |
| AC.L1-b.1.iii | 1 | Access Control | External Connections (FCI) | Verify and control/limit connections to and use of external information systems. |
| AC.L1-b.1.iv | 1 | Access Control | Control Public Information (FCI) | Control information posted or processed on publicly accessible information systems. |
| IA.L1-b.1.v | 1 | Identification and Authentication | Identification (FCI) | Identify information system users, processes acting on behalf of users, or devices. |
| IA.L1-b.1.vi | 1 | Identification and Authentication | Authentication (FCI) | Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. |
| MP.L1-b.1.vii | 1 | Media Protection | Media Disposal (FCI) | Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse. |
| PE.L1-b.1.ix | 1 | Physical Protection | Manage Visitors & Physical Access (FCI) | Escort visitors and monitor visitor activity; maintain audit logs of physical access; and control and manage physical access devices. |
| PE.L1-b.1.viii | 1 | Personnel Security | Limit Physical Access (FCI) | Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals. |
| SC.L1-b.1.x | 1 | System and Communications Protection | Boundary Protection (FCI) | Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. |
| SC.L1-b.1.xi | 1 | System and Communications Protection | Public-Access System Separation (FCI) | Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. |
| SI.L1-b.1.xii | 1 | System and Information Integrity | Flaw Remediation (FCI) | Identify, report, and correct information and information system flaws in a timely manner. |
| SI.L1-b.1.xiii | 1 | System and Information Integrity | Malicious Code Protection (FCI) | Provide protection from malicious code at appropriate locations within organizational information systems. |
| SI.L1-b.1.xiv | 1 | Access Control | Update Malicious Code Protection (FCI) | Update malicious code protection mechanisms when new releases are available. |
| SI.L1-b.1.xv | 1 | System and Information Integrity | System & File Scanning (FCI) | Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. |