CMMC 2.1 Control Explorer



CMMC Level

ID Level Domain Title Requirement
AC.L1-b.1.i1Access ControlAuthorized Access Control (FCI)

Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).

AC.L1-b.1.ii1Access ControlTransaction & Function Control (FCI)

Limit information system access to the types of transactions and functions that authorized users are permitted to execute.

AC.L1-b.1.iii1Access ControlExternal Connections (FCI)

Verify and control/limit connections to and use of external information systems.

AC.L1-b.1.iv1Access ControlControl Public Information (FCI)

Control information posted or processed on publicly accessible information systems.

IA.L1-b.1.v1Identification and AuthenticationIdentification (FCI)

Identify information system users, processes acting on behalf of users, or devices.

IA.L1-b.1.vi1Identification and AuthenticationAuthentication (FCI)

Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.

MP.L1-b.1.vii1Media ProtectionMedia Disposal (FCI)

Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.

PE.L1-b.1.ix1Physical ProtectionManage Visitors & Physical Access (FCI)

Escort visitors and monitor visitor activity; maintain audit logs of physical access; and control and manage physical access devices.

PE.L1-b.1.viii1Personnel SecurityLimit Physical Access (FCI)

Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.

SC.L1-b.1.x1System and Communications ProtectionBoundary Protection (FCI)

Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.

SC.L1-b.1.xi1System and Communications ProtectionPublic-Access System Separation (FCI)

Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.

SI.L1-b.1.xii1System and Information IntegrityFlaw Remediation (FCI)

Identify, report, and correct information and information system flaws in a timely manner.

SI.L1-b.1.xiii1System and Information IntegrityMalicious Code Protection (FCI)

Provide protection from malicious code at appropriate locations within organizational information systems.

SI.L1-b.1.xiv1Access ControlUpdate Malicious Code Protection (FCI)

Update malicious code protection mechanisms when new releases are available.

SI.L1-b.1.xv1System and Information IntegritySystem & File Scanning (FCI)

Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.