CMMC V1.02 – PE.1.133 – Maintain Audit Logs of Physical Access

  • Posted by Mark Lupo
  • On July 21, 2020
PE.1.133 marks the third practice within the Domain, Physical Security, and Capability, Limit physical Access.  Where the first two practices within PE were focused on limiting access to systems and individuals, this Practice focuses on the documentation process of how you limit access:  Using audit logs.  As the content below explains, it is not necessary […]
Read More
 

CMMC V1.02 – PE.1.132 – Escort Visitors and Monitor Visitor Activity

  • Posted by Mark Lupo
  • On July 20, 2020
This entry is the second Practice within the Physical Protection (PE) Domain and the Capability, Limit Physical Access.  This Practice, PE.1.132 – Escort Visitors and Monitor Visitor Activity, aligns with the prior one, PE.1.131, Limiting physical access to organizational information systems and, again, is pretty straight forward.  Essentially, to meet compliance with this Practice, an […]
Read More
 

CMMC V1.02 – PE.1.131: Limit Physical Access to Organizational Information Systems

  • Posted by Mark Lupo
  • On July 13, 2020
The next four practices to be addressed reside within the Physical Protection (PE) Domain.  The Physical Protection Domain covers activities which ensure that physical access to CUI asset containers is strictly controlled, managed, and monitored in accordance with CUI protection requirements. In this entry, we are discussing the first of the Practices, PE.1.131: Limit physical […]
Read More
 1

CMMC V1.02 – MP.1.118 – SANITIZE OR DESTROY INFORMATION SYSTEM MEDIA

  • Posted by Mark Lupo
  • On July 2, 2020
The next practice to be completed is located within the domain, Media Protection.  For Level 1 compliance, there is only one Capability (Sanitize Media) and one Practice within that Capability:  MP.1.118 – Sanitize or destroy information system media containing Federal contract information before disposal or release for reuse.  Below is the information and description provided […]
Read More
 2

CMMC V1.02 – IA.1.077 – Authenticate Identities of Users, Processes, or Devices

  • Posted by Mark Lupo
  • On June 29, 2020
The second practice within the Domain, Identification and Authentication (IA) and Capability, Grant access to authenticated entities, is IA.1.077, Authenticate ( or verify ) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.  This sounds a lot more complicated than it actually is.  Essentially, this practice […]
Read More
 1

CMMC V1.0 – AC.1.003 – Verify, Control and Limit Connections to, and Use of, External Information Systems.

  • Posted by Mark Lupo
  • On February 24, 2020
The third Practice required to be implemented under CMMC V1.0 within your information security plans, falls under the capability, Limit data access to authorized users and processes (C004).  This capability has similarities to the previous one discussed, Control internal system access (C002), and differs only that the expectations within AC.1.003 relate to limiting access to […]
Read More
 1

CMMC V1.0 – Level 1 Compliance – AC.1.002 – Limiting System Access to Types of Transactions

  • Posted by Mark Lupo
  • On February 18, 2020
In this and succeeding entries, we will review one or two Practices per article, focusing on the description of the practice and the clarifying statement and examples provided within Appendix B of CMMC V 1.0.  The second practice required to achieve Level 1 compliance under the CMMC standard falls under the second capability, Control internal […]
Read More
 1