CMMC V1.02 – PE.1.133 – Maintain Audit Logs of Physical Access

Posted by Mark Lupo
On July 21, 2020

PE.1.133 marks the third practice within the Domain, Physical Security, and Capability, Limit physical Access. Where the first two practices within PE were focused on limiting access to systems and individuals, this Practice focuses on the documentation process of how you limit access: Using audit logs. As the content below explains, it is not necessary […]

CMMC V1.02 – PE.1.132 – Escort Visitors and Monitor Visitor Activity

Posted by Mark Lupo
On July 20, 2020

This entry is the second Practice within the Physical Protection (PE) Domain and the Capability, Limit Physical Access. This Practice, PE.1.132 – Escort Visitors and Monitor Visitor Activity, aligns with the prior one, PE.1.131, Limiting physical access to organizational information systems and, again, is pretty straight forward. Essentially, to meet compliance with this Practice, an […]

Posted by Mark Lupo
On July 13, 2020

The next four practices to be addressed reside within the Physical Protection (PE) Domain. The Physical Protection Domain covers activities which ensure that physical access to CUI asset containers is strictly controlled, managed, and monitored in accordance with CUI protection requirements. In this entry, we are discussing the first of the Practices, PE.1.131: Limit physical […]

CMMC V1.02 – MP.1.118 – SANITIZE OR DESTROY INFORMATION SYSTEM MEDIA

Posted by Mark Lupo
On July 2, 2020

The next practice to be completed is located within the domain, Media Protection. For Level 1 compliance, there is only one Capability (Sanitize Media) and one Practice within that Capability: MP.1.118 – Sanitize or destroy information system media containing Federal contract information before disposal or release for reuse. Below is the information and description provided […]

CMMC V1.02 – IA.1.077 – Authenticate Identities of Users, Processes, or Devices

Posted by Mark Lupo
On June 29, 2020

The second practice within the Domain, Identification and Authentication (IA) and Capability, Grant access to authenticated entities, is IA.1.077, Authenticate ( or verify ) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. This sounds a lot more complicated than it actually is. Essentially, this practice […]

CMMC V1.02 – IA.1.076 – Identify Information System Users, Processes Acting on Behalf of Users or Devices.

Posted by Mark Lupo
On June 25, 2020

After somewhat of a hiatus due to the response efforts for the 1st wave of the COVID-19 outbreak, we are picking up where we left off in late February with the 5th of the practices required to achieve Level 1 CMMC, Basic Cyber Hygiene. We move to a second domain with the 5th practice for […]

Thoughts on Small Business and Response and Recovery During COVID-19

Posted by Mark Lupo
On March 18, 2020

Napoleon Hill, author of multiple books, including Think and Grow Rich and The Master Key to Riches, once said, “Every adversity, every failure, every heartache carries with it the seed of an equal or greater benefit.” Though it can be hard for some of us to consider a benefit or opportunity right now, in the […]

13 March – COVID-19 Update – Clarifying Signs and Symptoms to Influenza

Posted by Mark Lupo
On March 13, 2020

With COVID-19 upon us and dramatic actions taken around the world to create social distancing, several questions have emerged as to how best to differentiate between the signs and symptoms of COVID-19 to influenza or even the common cold. As you are probably aware, the general signs and symptoms of active COVID-19 are very similar […]