CMMC V1.02 – SC.1.176 – Implement Subnetworks for Publicly Accessible System Components

Posted by Mark Lupo
On July 27, 2020

The second Practice within the System and Communication Protection Domain is, SC.1. 176: implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. This Practice also falls within the Capability, C039 – Control Communications at System Boundaries. This Practice, along with the following content, is found in the CMMC V1.02, […]

CMMC V1.02 – PE.1.134 – Control and Manage Physical Access Devices

Posted by Mark Lupo
On July 23, 2020

The final Practice within the Physical Security (PE) Domain and Capability, Limit Physical Access, is PE.1.134, Control and manage physical access devices. This Practice focuses on who can access the physical equipment used to track physical access to a facility (e.g., locks, badging, key cards, etc.) and who is responsible for monitoring and managing access […]

CMMC V1.02 – PE.1.133 – Maintain Audit Logs of Physical Access

Posted by Mark Lupo
On July 21, 2020

PE.1.133 marks the third practice within the Domain, Physical Security, and Capability, Limit physical Access. Where the first two practices within PE were focused on limiting access to systems and individuals, this Practice focuses on the documentation process of how you limit access: Using audit logs. As the content below explains, it is not necessary […]

CMMC V1.02 – PE.1.132 – Escort Visitors and Monitor Visitor Activity

Posted by Mark Lupo
On July 20, 2020

This entry is the second Practice within the Physical Protection (PE) Domain and the Capability, Limit Physical Access. This Practice, PE.1.132 – Escort Visitors and Monitor Visitor Activity, aligns with the prior one, PE.1.131, Limiting physical access to organizational information systems and, again, is pretty straight forward. Essentially, to meet compliance with this Practice, an […]

Posted by Mark Lupo
On July 13, 2020

The next four practices to be addressed reside within the Physical Protection (PE) Domain. The Physical Protection Domain covers activities which ensure that physical access to CUI asset containers is strictly controlled, managed, and monitored in accordance with CUI protection requirements. In this entry, we are discussing the first of the Practices, PE.1.131: Limit physical […]

CMMC V1.0 – AC.1.003 – Verify, Control and Limit Connections to, and Use of, External Information Systems.

Posted by Mark Lupo
On February 24, 2020

The third Practice required to be implemented under CMMC V1.0 within your information security plans, falls under the capability, Limit data access to authorized users and processes (C004). This capability has similarities to the previous one discussed, Control internal system access (C002), and differs only that the expectations within AC.1.003 relate to limiting access to […]

CMMC V1.0 – Level 1 Compliance – AC.1.002 – Limiting System Access to Types of Transactions

Posted by Mark Lupo
On February 18, 2020

In this and succeeding entries, we will review one or two Practices per article, focusing on the description of the practice and the clarifying statement and examples provided within Appendix B of CMMC V 1.0. The second practice required to achieve Level 1 compliance under the CMMC standard falls under the second capability, Control internal […]

CMMC V1.0 – Level 1 Compliance – Understanding the Resources and Appendices

Posted by Mark Lupo
On February 13, 2020

So, as a Department of Defense contractor (Prime or Sub), you have determined that you need to achieve at least Level 1 certification within the Cybersecurity Maturity Model Certification (CMMC) V1.0, though are unsure as to what Level 1 compliance entails. This article marks the first of several that will dive into each of the […]