CMMC V1.0 – AC.1.004 – Control Information Posted or Processed on Publicly Accessible Information Systems

  • Posted by Mark Lupo
  • On February 27, 2020
The fourth Practice required to be implemented under CMMC V1.0 within your information security plans, also falls under the Capability, Limit data access to authorized users and processes (C004).  This Practice is titled, Control Information Posted or Processed on Publicly Accessible Information Systems (and is found on Pg 52 of the Appendix B PDF or […]
Read More
 1

CMMC V1.0 – AC.1.003 – Verify, Control and Limit Connections to, and Use of, External Information Systems.

  • Posted by Mark Lupo
  • On February 24, 2020
The third Practice required to be implemented under CMMC V1.0 within your information security plans, falls under the capability, Limit data access to authorized users and processes (C004).  This capability has similarities to the previous one discussed, Control internal system access (C002), and differs only that the expectations within AC.1.003 relate to limiting access to […]
Read More
 1

CMMC V1.0 – Level 1 Compliance – Understanding the Resources and Appendices

  • Posted by Mark Lupo
  • On February 13, 2020
So, as a Department of Defense contractor (Prime or Sub), you have determined that you need to achieve at least Level 1 certification within the Cybersecurity Maturity Model Certification (CMMC) V1.0, though are unsure as to what Level 1 compliance entails.  This article marks the first of several that will dive into each of the […]
Read More
 1