CMMC V1.02 – SI.1.212 – Update Malicious Code Protection Mechanisms

  • Posted by Mark Lupo
  • On August 7, 2020
The third Practice within the System and Information Security, also falling under the Capability, C041, Identify Malicious Content, is SI.1.212 – Update Malicious Code Protection Mechanisms When New Releases are Available.  This Practice focuses on ensuring you protect your IT system with new security releases and monitoring your system regularly.  You can find the Practice […]

CMMC V1.02 – SI.1.211 – Provide Protection From Malicious Code

  • Posted by Mark Lupo
  • On August 6, 2020
We now explore the second Practice within the Domain, System and Information Integrity (SI), SI.1.211 – Provide protection from malicious code at appropriate locations within organizational information systems. This Practice falls under the second Capability within the (SI) Domain, C041, Identify Malicious Content, and can be found in the CMMC Appendix B, page B-238 (Page […]

CMMC V1.02 – SI.1.210: Identify, Report and Correct Information/Flaws in a Timely Manner

  • Posted by Mark Lupo
  • On August 5, 2020
In this entry, we move into the final Domain for Level 1, System and Information Integrity (SI). This domain ensures that technology assets (e.g., desktops, software) that contain CUI are continuously monitored to detect violations of the authorized security state. Additionally, electronic mail (email), a common attack vector, is monitored and protected to detect malicious […]

CMMC V1.02 – SC.1.176 – Implement Subnetworks for Publicly Accessible System Components

  • Posted by Mark Lupo
  • On July 27, 2020
The second Practice within the System and Communication Protection Domain is SC.1.176: implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. This Practice also falls within the Capability, C039 – Control Communications at System Boundaries. This Practice, along with the following content, is found in the CMMC V1.02, […]

CMMC V1.02 – SC.1.175 – Monitor, Control, and Protect Organizational Communications

  • Posted by Mark Lupo
  • On July 24, 2020
We continue our discussion of the Practices within CMMC, Level 1, with the next Domain, System and Communication Protection (SC). Within this Domain, there are 2 capabilities and 2 practices for Level 1 compliance.  System and Communications Protection activities ensure the organization is actively identifying, managing, and controlling all system and communication channels that store […]

CMMC V1.02 – PE.1.134 – Control and Manage Physical Access Devices

  • Posted by Mark Lupo
  • On July 23, 2020
The final Practice within the Physical Security (PE) Domain and Capability, Limit Physical Access, is PE.1.134, Control and manage physical access devices.  This Practice focuses on who can access the physical equipment used to track physical access to a facility (e.g., locks, badging, key cards, etc.) and who is responsible for monitoring and managing access […]

CMMC V1.02 – PE.1.133 – Maintain Audit Logs of Physical Access

  • Posted by Mark Lupo
  • On July 21, 2020
PE.1.133 marks the third practice within the Domain, Physical Security, and Capability, Limit Physical Access. Where the first two practices within PE were focused on limiting access to systems and individuals, this Practice focuses on the documentation process of how you limit access: using audit logs. As the content below explains, it is not necessary […]

CMMC V1.02 – PE.1.132 – Escort Visitors and Monitor Visitor Activity

  • Posted by Mark Lupo
  • On July 20, 2020
This entry is the second Practice within the Physical Protection (PE) Domain and the Capability, Limit Physical Access. This Practice, PE.1.132 – Escort Visitors and Monitor Visitor Activity, aligns with the prior one, PE.1.131, Limiting physical access to organizational information systems and, again, is pretty straightforward. Essentially, to meet compliance with this Practice, an […]