Systems and Communication Protection - Level 3
CMMC SC.3.193 - Restrict Publication of CUI on Internet Sites
Requirement text: SC.3.193: Implement a policy restricting the publication of CUI on externally-owned, publicly accessible websites (e.g., forums, LinkedIn, Facebook, Twitter). DISCUSSION FROM SOURCE: CMMC Define and enforce a policy that restricts ...
CMMC SC.3.192 - Implement Domain Name System Filtering
Requirement text: SC.3.192: Implement Domain Name System (DNS) filtering services. DISCUSSION FROM SOURCE: CIS CONTROLS V7.1 Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with ...
CMMC SC.3.191 - Protect CUI at Rest
Requirement text: SC.3.191: Protect the confidentiality of CUI at rest. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Information at rest refers to the state of information when it is not in process or in transit and is located on storage devices ...
CMMC SC.3.190 - Protect Authenticity of Communications Sessions
Requirement text: SC.3.190: Protect the authenticity of communications sessions. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Authenticity protection includes protecting against man-in-the-middle attacks, session hijacking, and the insertion of ...
CMMC SC.3.189 - Control and Monitor Use of VoIP Technologies
Requirement text: SC.3.189: Control and monitor the use of Voice over Internet Protocol (VoIP) technologies. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 VoIP has different requirements, features, functionality, availability, and service ...
CMMC SC.3.188 - Control the Use of Mobile Code
Requirement text: SC.3.188: Control and monitor the use of mobile code. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Mobile code technologies include Java, JavaScript, ActiveX, Postscript, PDF, Shockwave movies, Flash animations, and VBScript. ...
CMMC SC.3.187 - Establish and Manage Cryptographic Keys
Requirement text: SC.3.187: Establish and manage cryptographic keys for cryptography employed in organizational systems. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Cryptographic key management and establishment can be performed using manual ...
CMMC SC.3.186 - Terminate Unnecessary Network Sessions
Requirement text: SC.3.186: Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 This requirement applies to ...
CMMC SC.3.185 - Implement Cryptography Mechanisms to Protect CUI unless Physical Safeguards
Requirement text: SC.3.185: Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 This ...
CMMC SC.3.184 - Prevent Remote Devices from Split Tunneling Network Connections
Requirement text: SC.3.184: Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling). DISCUSSION ...
CMMC SC.3.183 - Deny Network Communications by Default and Allow by Exception
Requirement text: SC.3.183: Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 This requirement applies to ...
CMMC SC.3.182 - Prevent Information Loss via Shared System Resources
Requirement text: SC.3.182: Prevent unauthorized and unintended information transfer via shared system resources. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 The control of information in shared system resources (e.g., registers, cache memory, ...
CMMC SC.3.181 - Separate User Functionality from System Management Functionality
Requirement text: SC.3.181: Separate user functionality from system management functionality. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 System management functionality includes functions necessary to administer databases, network components, ...
CMMC SC.3.180 - Employ Security Architecture and Design to Promote Effective Security
Requirement text: SC.3.180: Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 ...
CMMC SC.3.177 - Employ FIPS-Validated Cryptography to Protect CUI
Requirement text: SC.3.177: Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Cryptography can be employed to support many security solutions including the protection ...