• Requirement

    Restrict access to systems and system components to only those information resources that are owned, provisioned, or issued by the organization.

  • Discussion

    Information resources that are not owned, provisioned, or issued by the organization include systems or system components owned by other organizations and personally owned devices. Nonorganizational information resources present significant risks to the organization and complicate the ability to employ a “comply-to-connect” policy or implement component or device attestation techniques to ensure the integrity of the organizational system.

More Info

  • Family

    Access Control
  • Protection Strategy

    • Penetration-Resistant Architecture

NIST 800-172A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!