Search
Domain
CMMC Level
ID | Level | Domain | Requirement |
---|---|---|---|
AC.L1-3.1.1 | 1 | Access Control | Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). |
AC.L1-3.1.2 | 1 | Access Control | Limit information system access to the types of transactions and functions that authorized users are permitted to execute. |
AC.L1-3.1.20 | 1 | Access Control | Verify and control/limit connections to and use of external information systems. |
AC.L1-3.1.22 | 1 | Access Control | Control information posted or processed on publicly accessible information systems. |
IA.L1-3.5.1 | 1 | Identification and Authentication | Identify information system users, processes acting on behalf of users, or devices. |
IA.L1-3.5.2 | 1 | Identification and Authentication | Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. |
MP.L1-3.8.3 | 1 | Media Protection | Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse. |
PE.L1-3.10.1 | 1 | Physical Protection | Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals. |
PE.L1-3.10.3 | 1 | Physical Protection | Escort visitors and monitor visitor activity. |
PE.L1-3.10.4 | 1 | Physical Protection | Maintain audit logs of physical access. |
PE.L1-3.10.5 | 1 | Physical Protection | Control and manage physical access devices. |
SC.L1-3.13.1 | 1 | System and Communications Protection | Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. |
SC.L1-3.13.5 | 1 | System and Communications Protection | Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. |
SI.L1-3.14.1 | 1 | System and Information Integrity | Identify, report, and correct information and information system flaws in a timely manner. |
SI.L1-3.14.2 | 1 | System and Information Integrity | Provide protection from malicious code at appropriate locations within organizational information systems. |
SI.L1-3.14.4 | 1 | System and Information Integrity | Update malicious code protection mechanisms when new releases are available. |
SI.L1-3.14.5 | 1 | System and Information Integrity | Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. |