Configuration Management - Level 3
CMMC CM.3.069 - Deny Unauthorized Software`
Requirement text: CM.3.069: Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software. DISCUSSION FROM SOURCE: DRAFT ...
CMMC CM.3.068 - Prevent Nonessential Services
Requirement text: CM.3.068: Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Restricting the use of nonessential software (programs) includes ...
CMMC CM.3.067 - Restrict System Access Changes
Requirement text: CM.3.067: Define, document, approve, and enforce physical and logical access restrictions associated with changes to organizational systems. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Any changes to the hardware, software, or ...