CMMC V1.02 – SI.1.212 – Update Malicious Code Protection Mechanisms

The third Practice within the System and Information Security, also falling under the Capability, C041, Identify Malicious Content, is SI.1.212 – Update Malicious Code Protection Mechanisms When New Releases are Available.  This Practice focuses on ensuring you protect your IT system with new security releases and monitoring your system regularly.  You can find the Practice […]

CMMC V1.02 – SI.1.211 – Provide Protection From Malicious Code

We now explore the 2nd Practice within the Domain, System and Information Integrity (SI), S.I.211 – Provide protection from malicious code at appropriate locations within organizational information systems. This Practice falls under the second Capability within the (SI) Domain, C041, Identify Malicious Content and can be found in the CMMC Appendix B, page B-238 (Page […]

CMMC V1.02 – SI.1.210: Identify, Report and Correct Information/Flaws in a Timely Manner

In this entry, we move into the final Domain for Level 1, System and Information Integrity (SI). This domain ensures that technology assets (e.g., desktops, software) that contain CUI are continuously monitored to detect violations of the authorized security state. Additionally, electronic mail (email), a common attack vector, is monitored and protected to detect malicious […]

CMMC V1.02 – SC.1.176 – Implement Subnetworks for Publicly Accessible System Components

The second Practice within the System and Communication Protection Domain is, SC.1. 176: implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. This Practice also falls within the Capability, C039 – Control Communications at System Boundaries.  This Practice, along with the following content, is found in the CMMC V1.02, […]

CMMC V1.02 – SC.1.175 – Monitor, Control, and Protect Organizational Communications

We continue our discussion of the Practices within CMMC, Level 1, with the next Domain, System and Communication Protection (SC). Within this Domain, there are 2 capabilities and 2 practices for Level 1 compliance.  System and Communications Protection activities ensure the organization is actively identifying, managing, and controlling all system and communication channels that store […]

CMMC V1.02 – PE.1.134 – Control and Manage Physical Access Devices

The final Practice within the Physical Security (PE) Domain and Capability, Limit Physical Access, is PE.1.134, Control and manage physical access devices.  This Practice focuses on who can access the physical equipment used to track physical access to a facility (e.g., locks, badging, key cards, etc.) and who is responsible for monitoring and managing access […]

CMMC V1.02 – PE.1.133 – Maintain Audit Logs of Physical Access

PE.1.133 marks the third practice within the Domain, Physical Security, and Capability, Limit physical Access.  Where the first two practices within PE were focused on limiting access to systems and individuals, this Practice focuses on the documentation process of how you limit access:  Using audit logs.  As the content below explains, it is not necessary […]

CMMC V1.02 – PE.1.132 – Escort Visitors and Monitor Visitor Activity

This entry is the second Practice within the Physical Protection (PE) Domain and the Capability, Limit Physical Access.  This Practice, PE.1.132 – Escort Visitors and Monitor Visitor Activity, aligns with the prior one, PE.1.131, Limiting physical access to organizational information systems and, again, is pretty straight forward.  Essentially, to meet compliance with this Practice, an […]