Access Control (AC)

From Cooey.Wiki
| CMMC 1.02 # | CMMC 2.0 # | Practice |
|---|---|---|
| AC.1.001 | AC.L1-3.1.1 | Limit information system access to authorized users, processes acting on behalf of authorized users or devices (including other information systems). |
| AC.1.002 | AC.L1-3.1.2 | Limit information system access to the types of transactions and functions that authorized users are permitted to execute. |
| AC.1.003 | AC.L1-3.1.20 | Verify and control/limit connections to and use of external information systems. |
| AC.1.004 | AC.L1-3.1.22 | Control information posted or processed on publicly accessible information systems. |
| AC.2.005 | AC.L2-3.1.9 | Provide privacy and security notices consistent with applicable Controlled Unclassified Information (CUI) rules. |
| AC.2.006 | AC.L2-3.1.21 | Limit use of portable storage devices on external systems. |
| AC.2.007 | AC.L2-3.1.5 | Employ the principle of least privilege, including for specific security functions and privileged accounts. |
| AC.2.008 | AC.L2-3.1.6 | Use non-privileged accounts or roles when accessing nonsecurity functions. |
| AC.2.009 | AC.L2-3.1.8 | Limit unsuccessful logon attempts. |
| AC.2.010 | AC.L2-3.1.10 | Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity. |
| AC.2.011 | AC.L2-3.1.16 | Authorize wireless access prior to allowing such connections. |
| AC.2.013 | AC.L2-3.1.12 | Monitor and control remote access sessions. |
| AC.2.015 | AC.L2-3.1.14 | Route remote access via managed access control points. |
| AC.2.016 | AC.L2-3.1.3 | Control the flow of CUI in accordance with approved authorizations. |
| AC.3.012 | AC.L2-3.1.17 | Protect wireless access using authentication and encryption. |
| AC.3.014 | AC.L2-3.1.13 | Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. |
| AC.3.017 | AC.L2-3.1.4 | Separate the duties of individuals to reduce the risk of malevolent activity without collusion. |
| AC.3.018 | AC.L2-3.1.7 | Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. |
| AC.3.019 | AC.L2-3.1.11 | Terminate (automatically) user sessions after a defined condition. |
| AC.3.020 | AC.L2-3.1.18 | Control connection of mobile devices. |
| AC.3.021 | AC.L2-3.1.15 | Authorize remote execution of privileged commands and remote access to security-relevant information. |
| AC.3.022 | AC.L2-3.1.19 | Encrypt CUI on mobile devices and mobile computing platforms. |
| AC.4.023 | Unknown | Control information flows between security domains on connected systems. |