Search
Domain
CMMC Level
Points
Can Be POA&M'd
| ID | Level | Domain | Title | Requirement | Points |
|---|---|---|---|---|---|
| AC.L1-b.1.i | 1 | Access Control | Authorized Access Control [FCI Data] | Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). | |
| AC.L1-b.1.ii | 1 | Access Control | Transaction & Function Control [FCI Data] | Limit information system access to the types of transactions and functions that authorized users are permitted to execute. | |
| AC.L1-b.1.iii | 1 | Access Control | External Connections [FCI Data] | Verify and control/limit connections to and use of external information systems. | |
| AC.L1-b.1.iv | 1 | Access Control | Control Public Information [FCI Data] | Control information posted or processed on publicly accessible information systems. | |
| IA.L1-b.1.v | 1 | Identification and Authentication | Identification [FCI Data] | Identify information system users, processes acting on behalf of users, or devices. | |
| IA.L1-b.1.vi | 1 | Identification and Authentication | Authentication [FCI Data] | Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. | |
| MP.L1-b.1.vii | 1 | Media Protection | Media Disposal [FCI Data] | Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse. | |
| PE.L1-b.1.ix | 1 | Physical Protection | Manage Visitors & Physical Access [FCI Data] | Escort visitors and monitor visitor activity; maintain audit logs of physical access; and control and manage physical access devices. | |
| PE.L1-b.1.viii | 1 | Physical Protection | Limit Physical Access [FCI Data] | Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals. | |
| SC.L1-b.1.x | 1 | System and Communications Protection | Boundary Protection [FCI Data] | Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. | |
| SC.L1-b.1.xi | 1 | System and Communications Protection | Public-Access System Separation [FCI Data] | Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. | |
| SI.L1-b.1.xii | 1 | System and Information Integrity | Flaw Remediation [FCI Data] | Identify, report, and correct information and information system flaws in a timely manner. | |
| SI.L1-b.1.xiii | 1 | System and Information Integrity | Malicious Code Protection [FCI Data] | Provide protection from malicious code at appropriate locations within organizational information systems. | |
| SI.L1-b.1.xiv | 1 | System and Information Integrity | Update Malicious Code Protection [FCI Data] | Update malicious code protection mechanisms when new releases are available. | |
| SI.L1-b.1.xv | 1 | System and Information Integrity | System & File Scanning [FCI Data] | Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. |