Access Control - Level 3
CMMC AC.3.022 - Encrypt Mobile Devices
Requirement text: AC.3.022: Encrypt CUI on mobile devices and mobile computing platforms. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Organizations can employ full-device encryption or container-based encryption to protect the confidentiality of ...
CMMC AC.3.021 -Authorize Remote Access
Requirement text: AC.3.021: Authorize remote execution of privileged commands and remote access to security-relevant information. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 A privileged command is a human-initiated (interactively or via a ...
CMMC AC.3.014 - Encrypt Remote Access
Requirement text: AC.3.014: Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Cryptographic standards include FIPS-validated cryptography and NSA-approved ...
CMMC AC.3.020 - Control Mobile Connections
Requirement text: AC.3.020: Control connection of mobile devices. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 A mobile device is a computing device that has a small form factor such that it can easily be carried by a single individual; is ...
CMMC AC.3.012 - Protect Wireless Access
Requirement text: AC.3.012: Protect wireless access using authentication and encryption. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Organizations authenticate individuals and devices to help protect wireless access to the system. Special ...
CMMC AC.3.019 - Terminate User Sessions
Requirement text: AC.3.019: Terminate (automatically) user sessions after a defined condition. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 This requirement addresses the termination of user-initiated logical sessions in contrast to the ...
CMMC AC.3.018 - Limit Privilege Functions
Requirement text: AC.3.018: Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Privileged functions include establishing system ...
CMMC AC.3.017 - Separate Individual Duties
Requirement text: AC.3.017: Separate the duties of individuals to reduce the risk of malevolent activity without collusion. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Separation of duties addresses the potential for abuse of authorized ...