Access Control - Level 4
CMMC AC.4.032 - Restrict Remote Access
Requirement text: AC.4.032: Restrict remote network access based on organizationally defined risk factors such as time of day, location of access, physical location, network connection state, and measured properties of the current user and role. ...
CMMC AC.4.025 - Review CUI Access
Requirement text: AC.4.025: Periodically review and update CUI program access permissions. DISCUSSION FROM SOURCE: CMMC Organizations must maintain the authorizations for access to CUI information on a regular basis, considering whether existing ...
CMMC AC.4.023 - Control Information Flows
Requirement text: AC.4.023: Control information flows between security domains on connected systems. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171B (MODIFIED) Organizations employ information flow control policies and enforcement mechanisms to ...