The CMMC Level 1, 17 Practices Identified and Explained

  • Posted by Mark Lupo
  • On August 8, 2020
Welcome to this final entry regarding the 17 Practices within CMMC Level 1 compliance.  This article identifies the 6 Domains, containing 9 Capabilities and requiring 17 Practices to be active and integrated within the company operations in order to comply with 48 CFR 52.204-21 and to reach CMMC Level 1 compliance.  There are no Processes […]
Read More
 3

CMMC V1.02 – SI.1.213 – Perform Periodic Scans of Information Systems

  • Posted by Mark Lupo
  • On August 8, 2020
In our final entry of the Practices found in CMMC Level 1, within the Domain, System and Information Integrity, we cover SI.1.213 – Perform periodic scans of information systems and real-time scans of files from external sources as files are downloaded, opened or executed.  This Practice is found within the Capability, C041, Identify Malicious Content, […]
Read More
 1

CMMC V1.02 – SI.1.212 – Update Malicious Code Protection Mechanisms

  • Posted by Mark Lupo
  • On August 7, 2020
The third Practice within the System and Information Security, also falling under the Capability, C041, Identify Malicious Content, is SI.1.212 – Update Malicious Code Protection Mechanisms When New Releases are Available.  This Practice focuses on ensuring you protect your IT system with new security releases and monitoring your system regularly.  You can find the Practice […]
Read More
 1

CMMC V1.02 – SI.1.211 – Provide Protection From Malicious Code

  • Posted by Mark Lupo
  • On August 6, 2020
We now explore the 2nd Practice within the Domain, System and Information Integrity (SI), S.I.211 – Provide protection from malicious code at appropriate locations within organizational information systems. This Practice falls under the second Capability within the (SI) Domain, C041, Identify Malicious Content and can be found in the CMMC Appendix B, page B-238 (Page […]
Read More
 1

CMMC V1.02 – SI.1.210: Identify, Report and Correct Information/Flaws in a Timely Manner

  • Posted by Mark Lupo
  • On August 5, 2020
In this entry, we move into the final Domain for Level 1, System and Information Integrity (SI). This domain ensures that technology assets (e.g., desktops, software) that contain CUI are continuously monitored to detect violations of the authorized security state. Additionally, electronic mail (email), a common attack vector, is monitored and protected to detect malicious […]
Read More
 1

CMMC V1.02 – SC.1.176 – Implement Subnetworks for Publicly Accessible System Components

  • Posted by Mark Lupo
  • On July 27, 2020
The second Practice within the System and Communication Protection Domain is, SC.1. 176: implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. This Practice also falls within the Capability, C039 – Control Communications at System Boundaries.  This Practice, along with the following content, is found in the CMMC V1.02, […]
Read More
 1

CMMC V1.02 – SC.1.175 – Monitor, Control, and Protect Organizational Communications

  • Posted by Mark Lupo
  • On July 24, 2020
We continue our discussion of the Practices within CMMC, Level 1, with the next Domain, System and Communication Protection (SC). Within this Domain, there are 2 capabilities and 2 practices for Level 1 compliance.  System and Communications Protection activities ensure the organization is actively identifying, managing, and controlling all system and communication channels that store […]
Read More
 1

CMMC V1.02 – PE.1.134 – Control and Manage Physical Access Devices

  • Posted by Mark Lupo
  • On July 23, 2020
The final Practice within the Physical Security (PE) Domain and Capability, Limit Physical Access, is PE.1.134, Control and manage physical access devices.  This Practice focuses on who can access the physical equipment used to track physical access to a facility (e.g., locks, badging, key cards, etc.) and who is responsible for monitoring and managing access […]
Read More
 1