Access Control - Level 2
CMMC AC.2.016 - Control CUI Flow
Requirement text: AC.2.016: Control the flow of CUI in accordance with approved authorizations. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Information flow control regulates where information can travel within a system and between systems ...
CMMC AC.2.015 - Use Managed Access Points
Requirement text: AC.2.015: Route remote access via managed access control points. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Routing remote access through managed access control points enhances explicit, organizational control over such ...
CMMC AC.2.013 - Control Remote Access
Requirement text: AC.2.013: Monitor and control remote access sessions. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Remote access is access to organizational systems by users (or processes acting on behalf of users) communicating through ...
CMMC AC.2.011 - Authorize Wireless Access
Requirement text: AC.2.011: Authorize wireless access prior to allowing such connections. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Establishing usage restrictions and configuration/connection requirements for wireless access to the system ...
CMMC AC.2.010 - Use Session Locks
Requirement text: AC.2.010: Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Session locks are temporary actions taken when users stop ...
CMMC AC.2.009 - Limit Unsuccessful Logins
Requirement text: AC.2.009: Limit unsuccessful logon attempts. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 This requirement applies regardless of whether the logon occurs via a local or network connection. Due to the potential for denial of ...
CMMC AC.2.008 - Use Non-Privilege Accounts
Requirement text: AC.2.008: Use non-privileged accounts or roles when accessing non-security functions. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 This requirement limits exposure when operating from within privileged accounts or roles. The ...
CMMC AC.2.007 - Employ Least Privilege
Requirement text: AC.2.007: Employ the principle of least privilege, including for specific security functions and privileged accounts. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Organizations employ the principle of least privilege for ...
CMMC AC.2.006 - Limit Storage Devices
Requirement text: AC.2.006: Limit use of portable storage devices on external systems. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Limits on the use of organization-controlled portable storage devices in external systems include complete ...
CMMC AC.2.005 - Provide Security Notices
Requirement text: AC.2.005: Provide privacy and security notices consistent with applicable CUI rules. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 System use notifications can be implemented using messages or warning banners displayed before ...