Difference between revisions of "Access Control (AC)"

From Cooey.Wiki
Line 6: Line 6:
| ||||
| ||||
|-
|-
| AC.1.001||AC.L1-3.1.1||Limit information system access to authorized users, processes acting on behalf of authorized users or devices (including other information systems).
| AC.1.001||[[AC.L1-3.1.1]]||Limit information system access to authorized users, processes acting on behalf of authorized users or devices (including other information systems).
|-
|-
| AC.1.002||AC.L1-3.1.2||Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
| AC.1.002||[[AC.L1-3.1.2]]||Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
|-
|-
| AC.1.003||AC.L1-3.1.20||"Verify and control/limit connections to and use of external information systems."
| AC.1.003||AC.L1-3.1.20||"Verify and control/limit connections to and use of external information systems."
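Review bot: In the AC.1.003 row, AC.L1-3.1.20 is still plain text while the AC.1.001 and AC.1.002 rows now use [[AC.L1-3.1.1]] and [[AC.L1-3.1.2]]; link it as [[AC.L1-3.1.20]] as well so the CMMC 2.0 column is consistent, or note in the edit summary why it is left out. The practice text in that row is also wrapped in literal double quotes, unlike the two rows above; drop them if they are not intended.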

Latest revision as of 14:09, 5 May 2022

{|
! CMMC 1.02 # !! CMMC 2.0 # !! Practice
|-
| AC.1.001||AC.L1-3.1.1||Limit information system access to authorized users, processes acting on behalf of authorized users or devices (including other information systems).
|-
| AC.1.002||AC.L1-3.1.2||Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
|-
| AC.1.003||AC.L1-3.1.20||"Verify and control/limit connections to and use of external information systems."
|-
| AC.1.004||AC.L1-3.1.22||"Control information posted or processed on publicly accessible information systems."
|-
| AC.2.005||AC.L2-3.1.9||Provide privacy and security notices consistent with applicable Controlled Unclassified Information (CUI) rules.
|-
| AC.2.006||AC.L2-3.1.21||Limit use of portable storage devices on external systems.
|-
| AC.2.007||AC.L2-3.1.5||Employ the principle of least privilege, including for specific security functions and privileged accounts.
|-
| AC.2.008||AC.L2-3.1.6||Use non-privileged accounts or roles when accessing nonsecurity functions.
|-
| AC.2.009||AC.L2-3.1.8||Limit unsuccessful logon attempts.
|-
| AC.2.010||AC.L2-3.1.10||Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.
|-
| AC.2.011||AC.L2-3.1.16||Authorize wireless access prior to allowing such connections.
|-
| AC.2.013||AC.L2-3.1.12||Monitor and control remote access sessions.
|-
| AC.2.015||AC.L2-3.1.14||Route remote access via managed access control points.
|-
| AC.2.016||AC.L2-3.1.3||Control the flow of CUI in accordance with approved authorizations.
|-
| AC.3.012||AC.L2-3.1.17||Protect wireless access using authentication and encryption.
|-
| AC.3.014||AC.L2-3.1.13||Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.
|-
| AC.3.017||AC.L2-3.1.4||"Separate the duties of individuals to reduce the risk of malevolent activity without collusion."
|-
| AC.3.018||AC.L2-3.1.7||Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.
|-
| AC.3.019||AC.L2-3.1.11||Terminate (automatically) user sessions after a defined condition.
|-
| AC.3.020||AC.L2-3.1.18||Control connection of mobile devices.
|-
| AC.3.021||AC.L2-3.1.15||Authorize remote execution of privileged commands and remote access to security-relevant information.
|-
| AC.3.022||AC.L2-3.1.19||Encrypt CUI on mobile devices and mobile computing platforms.
|-
| AC.4.023||Unknown||Control information flows between security domains on connected systems.
|}