CMMC V1.02 – SI.1.211 – Provide Protection From Malicious Code

We now explore the 2nd Practice within the Domain, System and Information Integrity (SI), SI.1.211 – Provide protection from malicious code at appropriate locations within organizational information systems. This Practice falls under the second Capability within the (SI) Domain, C041, Identify Malicious Content and can be found in the CMMC Appendix B, page B-238 (Page […]

CMMC V1.02 – SI.1.210: Identify, Report and Correct Information/Flaws in a Timely Manner

In this entry, we move into the final Domain for Level 1, System and Information Integrity (SI). This domain ensures that technology assets (e.g., desktops, software) that contain CUI are continuously monitored to detect violations of the authorized security state. Additionally, electronic mail (email), a common attack vector, is monitored and protected to detect malicious […]

CMMC V1.02 – SC.1.176 – Implement Subnetworks for Publicly Accessible System Components

The second Practice within the System and Communication Protection Domain is SC.1.176: implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. This Practice also falls within the Capability, C039 – Control Communications at System Boundaries. This Practice, along with the following content, is found in the CMMC V1.02, […]

CMMC V1.02 – SC.1.175 – Monitor, Control, and Protect Organizational Communications

We continue our discussion of the Practices within CMMC, Level 1, with the next Domain, System and Communication Protection (SC). Within this Domain, there are 2 capabilities and 2 practices for Level 1 compliance.  System and Communications Protection activities ensure the organization is actively identifying, managing, and controlling all system and communication channels that store […]

CMMC V1.02 – PE.1.131: Limit Physical Access to Organizational Information Systems

The next four practices to be addressed reside within the Physical Protection (PE) Domain.  The Physical Protection Domain covers activities which ensure that physical access to CUI asset containers is strictly controlled, managed, and monitored in accordance with CUI protection requirements. In this entry, we are discussing the first of the Practices, PE.1.131: Limit physical […]

CMMC V1.02 – MP.1.118 – SANITIZE OR DESTROY INFORMATION SYSTEM MEDIA

The next practice to be completed is located within the domain, Media Protection.  For Level 1 compliance, there is only one Capability (Sanitize Media) and one Practice within that Capability:  MP.1.118 – Sanitize or destroy information system media containing Federal contract information before disposal or release for reuse.  Below is the information and description provided […]

CMMC V1.02 – IA.1.077 – Authenticate Identities of Users, Processes, or Devices

The second practice within the Domain, Identification and Authentication (IA) and Capability, Grant access to authenticated entities, is IA.1.077, Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. This sounds a lot more complicated than it actually is. Essentially, this practice […]