CMMC 2.0 Control Explorer



CMMC Level

ID Level Domain Requirement
AC.L1-3.1.11Access Control

Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).

AC.L1-3.1.21Access Control

Limit information system access to the types of transactions and functions that authorized users are permitted to execute.

AC.L1-3.1.201Access Control

Verify and control/limit connections to and use of external information systems.

AC.L1-3.1.221Access Control

Control information posted or processed on publicly accessible information systems.

IA.L1-3.5.11Identification and Authentication

Identify information system users, processes acting on behalf of users, or devices.

IA.L1-3.5.21Identification and Authentication

Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.

MP.L1-3.8.31Media Protection

Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.

PE.L1-3.10.11Physical Protection

Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.

PE.L1-3.10.31Physical Protection

Escort visitors and monitor visitor activity.

PE.L1-3.10.41Physical Protection

Maintain audit logs of physical access.

PE.L1-3.10.51Physical Protection

Control and manage physical access devices.

SC.L1-3.13.11System and Communications Protection

Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.

SC.L1-3.13.51System and Communications Protection

Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.

SI.L1-3.14.11System and Information Integrity

Identify, report, and correct information and information system flaws in a timely manner.

SI.L1-3.14.21System and Information Integrity

Provide protection from malicious code at appropriate locations within organizational information systems.

SI.L1-3.14.41System and Information Integrity

Update malicious code protection mechanisms when new releases are available.

SI.L1-3.14.51System and Information Integrity

Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.