The Cybersecurity Maturity Model Certification (CMMC) Level 1 is designed to protect Federal Contract Information (FCI) and includes 17 basic cyber hygiene practices. These practices are grouped into six domains: Access Control, Identification and Authentication, Media Protection, Physical Protection, System and Communications Protection, and System and Information Integrity. The focus of Level 1 is on simple security measures that all contractors must implement to safeguard FCI, such as limiting information access to authorized users, ensuring proper identification and authentication, protecting media, and managing physical and system security (Xage Security) (UGA SBDC).
The Access Control (AC) control within the CMMCL1 framework is designed to manage and restrict access to information systems, ensuring that only authorized users or entities are granted access to resources and sensitive information. The goal is to prevent unauthorized access, disclosure, alteration, or destruction of critical assets, thereby safeguarding the confidentiality, integrity, and availability of information.
The Authorized Access Control (AC.L1-3.1.1[b]) subcontrol is an essential component of the CMMCL1 Access Control (AC) control family. It is designed to ensure that only authorized personnel can access critical systems, data, and resources within an organization. This subcontrol specifically addresses the process of authorizing user access to sensitive information and assets.
The Authorized Access Control (AC.L1-3.1.1[a]) subcontrol is a critical element of the CMMCL1 Access Control (AC) control family. Its purpose is to ensure that only authorized individuals and entities are granted access to sensitive systems, data, and resources within an organization. This subcontrol specifically addresses the process of authorizing and authenticating user access.
The Control Public Information (AC.L1-3.1.22[e]) subcontrol is an integral component of the CMMCL1 Access Control (AC) control family. It is designed to establish controls and procedures for managing and controlling the release of public information by an organization. This subcontrol is crucial to protect sensitive information from inadvertent disclosure.
The Control Public Information (AC.L1-3.1.22[d]) subcontrol is a crucial component of the CMMCL1 Access Control (AC) control family. Its purpose is to establish controls and procedures for managing and controlling the release of public information by an organization. This subcontrol helps ensure that public information is accurate, appropriate, and in compliance with organizational policies.
The Control Public Information (AC.L1-3.1.22[c]) subcontrol is an integral component of the CMMCL1 Access Control (AC) control family. Its purpose is to establish controls and procedures for managing and controlling the release of public information by an organization. This subcontrol ensures that public information is accurate, appropriate, and aligns with organizational policies and guidelines.
Control Public Information (AC.L1-3.1.22[b]) is a subcontrol within the Access Control (AC) control family of the Cybersecurity Maturity Model Certification Level 1 (CMMC L1). This subcontrol focuses on managing the disclosure of information to the public, ensuring that sensitive or classified information is appropriately protected from unauthorized release.
Control Public Information (AC.L1-3.1.22[a]) is a subcontrol within the Access Control (AC) control family of the Cybersecurity Maturity Model Certification Level 1 (CMMC L1). This subcontrol is designed to ensure that organizations have established and implemented measures to control the release of sensitive or classified information to the public.
External Connections (AC.L1-3.1.20[f]) is a subcontrol within the Access Control (AC) control family of the Cybersecurity Maturity Model Certification Level 1 (CMMC L1). This subcontrol is designed to manage and secure external connections to an organization's information systems to protect against unauthorized access and potential security threats.
External Connections (AC.L1-3.1.20[e]) is a subcontrol within the Access Control (AC) control family of the Cybersecurity Maturity Model Certification Level 1 (CMMC L1). This subcontrol is aimed at managing and securing external connections to an organization's information systems, ensuring that these connections are established and maintained in a secure and controlled manner.
Ensures authorized and secure access to systems and applications from external connections, such as remote access, virtual private networks (VPNs), and cloud services.
Addresses risks associated with unauthorized access, data breaches, malware intrusions, and system compromises.
External Connections (AC.L1-3.1.20[b]) is a subcontrol within the Access Control (AC) control family of the Cybersecurity Maturity Model Certification Level 1 (CMMC L1). This subcontrol focuses on managing and securing external connections to an organization's information systems to prevent unauthorized access and mitigate potential security risks.
External Connections (AC.L1-3.1.20[a]) is a subcontrol within the Access Control (AC) control family of the Cybersecurity Maturity Model Certification Level 1 (CMMC L1). This subcontrol addresses the management and security of external connections to an organization's information systems, focusing on preventing unauthorized access and safeguarding against potential security threats.
Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
Transaction & Function Control (AC.L1-3.1.2[a]) is a subcontrol within the Access Control (AC) control family of the Cybersecurity Maturity Model Certification Level 1 (CMMC L1). This subcontrol focuses on regulating and securing specific transactions and functions within an organization's information systems to prevent unauthorized or improper access.
Authorized Access Control (AC.L1-3.1.1[f]) is a subcontrol within the Access Control (AC) control family of the Cybersecurity Maturity Model Certification Level 1 (CMMC L1). This subcontrol focuses on managing and enforcing access rights to ensure that only authorized personnel are granted access to critical systems and data.
Authorized Access Control (AC.L1-3.1.1[e]) is a subcontrol within the Access Control (AC) control family of the Cybersecurity Maturity Model Certification Level 1 (CMMC L1). This subcontrol focuses on managing and enforcing access rights to ensure that only authorized personnel are granted access to critical systems and data.
Authorized Access Control (AC.L1-3.1.1[d]) is a subcontrol within the Access Control (AC) control family of the Cybersecurity Maturity Model Certification Level 1 (CMMC L1). This subcontrol is focused on ensuring that access to an organization's information systems is granted only to authorized individuals, processes, or systems, in line with established policies and procedures.
Authorized Access Control (AC.L1-3.1.1[c]) is a subcontrol within the Access Control (AC) control family of the Cybersecurity Maturity Model Certification Level 1 (CMMC L1). It is designed to ensure that access to an organization's information systems is granted only to authorized individuals, processes, or systems, following established policies and procedures.
External Connections (AC.L1-3.1.20[c]) is a subcontrol within the Access Control (AC) control family of the Cybersecurity Maturity Model Certification Level 1 (CMMC L1). This subcontrol focuses on managing and securing external connections to an organization's information systems to prevent unauthorized access and protect against potential security threats.
The Identification and Authentication (IA) control within the CMMCL1 framework is designed to establish and enforce processes and mechanisms that verify the identity of users and entities accessing information systems. This control aims to ensure that only authorized individuals or entities gain access to sensitive resources, thereby protecting the confidentiality, integrity, and availability of information.
Identification (IA.L1-3.5.1[c]) is a subcontrol within the Identification and Authentication (IA) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on ensuring that users and entities attempting to access an organization's information systems are uniquely identified, allowing for precise tracking and accountability.
Authentication (IA.L1-3.5.2[c]) is a subcontrol within the Identification and Authentication (IA) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on verifying the identity of users and entities accessing an organization's information systems to ensure that only authorized individuals or entities gain access.
Authentication (IA.L1-3.5.2[b]) is a subcontrol within the Identification and Authentication (IA) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on verifying the identity of users and entities accessing an organization's information systems to ensure that only authorized individuals or entities gain access.
Authentication (IA.L1-3.5.2[a]) is a subcontrol within the Identification and Authentication (IA) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on ensuring that individuals accessing an organization's information systems are verified and confirmed as authorized users.
Identification (IA.L1-3.5.1[b]) is a subcontrol within the Identification and Authentication (IA) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on ensuring that users and entities attempting to access an organization's information systems are uniquely identified, allowing for precise tracking and accountability.
Identification (IA.L1-3.5.1[a]) is a subcontrol within the Identification and Authentication (IA) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on ensuring that individuals and entities accessing an organization's information systems are uniquely identified, enabling precise tracking and accountability.
The Media Protection (MP) control within the CMMCL1 framework focuses on safeguarding physical and digital media that store sensitive information. The goal is to prevent unauthorized access, disclosure, alteration, or destruction of data stored on various types of media, including physical devices, removable storage, and digital repositories.
Media Disposal (MP.L1-3.8.3[a]) is a subcontrol within the Media Protection (MP) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on the secure disposal of media, including physical and digital media, to prevent unauthorized access to sensitive information and data breaches.
Media Disposal (MP.L1-3.8.3[b]) is a subcontrol within the Media Protection (MP) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on establishing procedures for the secure disposal of media to prevent unauthorized access to sensitive information and protect against data breaches.
The Physical Protection (PE) control within the CMMCL1 framework is designed to establish measures to safeguard physical assets, facilities, and personnel from unauthorized access, damage, or harm. This control aims to protect critical resources, sensitive information, and ensure the continuity of operations by implementing security measures at physical locations.
Manage Physical Access (PE.L1-3.10.5[c]) is a subcontrol within the Physical Protection (PE) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on ensuring that physical access to facilities and areas housing sensitive information technology (IT) assets is managed and controlled to prevent unauthorized entry and protect against physical security threats.
Manage Physical Access (PE.L1-3.10.5[b]) is a subcontrol within the Physical Protection (PE) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on managing and controlling physical access to facilities and areas that house sensitive information technology (IT) assets to prevent unauthorized entry and protect against physical security threats.
Limit Physical Access (PE.L1-3.10.1[c]) is a subcontrol within the Physical Protection (PE) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on restricting and controlling physical access to facilities, areas, and equipment that house sensitive information technology (IT) assets.
Manage Physical Access (PE.L1-3.10.5[a]) is a subcontrol within the Physical Protection (PE) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on managing and controlling physical access to facilities, areas, and equipment that house sensitive information technology (IT) assets to prevent unauthorized entry and protect against physical security threats.
Physical Access Logs (PE.L1-3.10.4) is a subcontrol within the Physical Protection (PE) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on the creation and maintenance of logs that record physical access to facilities, areas, and equipment housing sensitive information technology (IT) assets.
Escort Visitors (PE.L1-3.10.3[a]) is a subcontrol within the Physical Protection (PE) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on the practice of ensuring that all visitors to an organization's facilities are accompanied and supervised by authorized personnel to prevent unauthorized access and protect sensitive areas.
Limit Physical Access (PE.L1-3.10.1[d]) is a subcontrol within the Physical Protection (PE) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on restricting and controlling physical access to facilities, areas, and equipment housing sensitive information technology (IT) assets.
Limit Physical Access (PE.L1-3.10.1[b]) is a subcontrol within the Physical Protection (PE) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on restricting and controlling physical access to facilities, areas, and equipment that house sensitive information technology (IT) assets.
Limit Physical Access (PE.L1-3.10.1[a]) is a subcontrol within the Physical Protection (PE) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on the practice of restricting and controlling physical access to facilities, areas, and equipment housing sensitive information technology (IT) assets.
Escort Visitors (PE.L1-3.10.3[b]) is a subcontrol within the Physical Protection (PE) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on ensuring that all visitors to an organization's facilities are appropriately escorted by authorized personnel to prevent unauthorized access and protect sensitive areas.
The System and Communications Protection (SC) control within the CMMCL1 framework is designed to ensure the secure operation of information systems and the protection of communication channels. This control focuses on preventing unauthorized access, ensuring the confidentiality and integrity of data in transit and at rest, and managing risks associated with the use of information systems.
Public-Access System Separation (SC.L1-3.13.5[a]) is a subcontrol within the System and Communications Protection (SC) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on the practice of separating systems and networks that are accessible by the public from those that contain sensitive information or are critical to an organization's operations.
Public-Access System Separation (SC.L1-3.13.5[b]) is a subcontrol within the System and Communications Protection (SC) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on the practice of separating systems and networks that are accessible by the public from those that contain sensitive information or are critical to an organization's operations.
Boundary Protection (SC.L1-3.13.1[h]) is a subcontrol within the System and Communications Protection (SC) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on implementing security measures to protect network boundaries and control the flow of information between an organization's network and external networks or the internet.
Boundary Protection (SC.L1-3.13.1[g]) is a subcontrol within the System and Communications Protection (SC) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on implementing security measures to protect network boundaries and control the flow of information between an organization's network and external networks or the internet.
Boundary Protection (SC.L1-3.13.1[f]) is a subcontrol within the System and Communications Protection (SC) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on establishing security measures to protect network boundaries and control the flow of information between an organization's network and external networks or the internet.
Boundary Protection (SC.L1-3.13.1[d]) is a subcontrol within the System and Communications Protection (SC) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol emphasizes the importance of establishing security measures to protect network boundaries and control the flow of information between an organization's network and external networks or the internet.
Boundary Protection (SC.L1-3.13.1[c]) is a subcontrol within the System and Communications Protection (SC) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol emphasizes the importance of establishing security measures to protect network boundaries and control the flow of information between an organization's network and external networks or the internet.
Boundary Protection (SC.L1-3.13.1[b]) is a subcontrol within the System and Communications Protection (SC) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol emphasizes the importance of establishing security measures to protect network boundaries and control the flow of information between an organization's network and external networks or the internet.
Boundary Protection (SC.L1-3.13.1[a]) is a subcontrol within the System and Communications Protection (SC) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol emphasizes the importance of implementing security measures to protect network boundaries and control the flow of information between an organization's network and external networks or the internet.
Boundary Protection (SC.L1-3.13.1[e]) is a subcontrol within the System and Communications Protection (SC) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol underscores the importance of implementing security measures to protect network boundaries and control the flow of information between an organization's network and external networks or the internet.
The System and Information Integrity (SI) control within the CMMCL1 framework is designed to ensure the trustworthiness and reliability of information systems and the information processed within them. This control focuses on preventing, detecting, and responding to incidents that could compromise the integrity of information, the functionality of information systems, and the overall security posture of the organization.
System & File Scanning (SI.L1-3.14.5[c]) is a subcontrol within the System and Information Integrity (SI) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on the implementation of security measures to regularly scan systems and files for vulnerabilities, malware, or unauthorized changes.
System & File Scanning (SI.L1-3.14.5[b]) is a subcontrol within the System and Information Integrity (SI) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on the implementation of security measures to regularly scan systems and files for vulnerabilities, malware, or unauthorized changes.
System & File Scanning (SI.L1-3.14.5[a]) is a subcontrol within the System and Information Integrity (SI) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol emphasizes the importance of implementing security measures to regularly scan systems and files for vulnerabilities, malware, or unauthorized changes.
Update Malicious Code Protection (SI.L1-3.14.4) is a subcontrol within the System and Information Integrity (SI) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on ensuring that organizations implement measures to protect their systems from malicious code, such as viruses, malware, and other harmful software.
Malicious Code Protection (SI.L1-3.14.2[b]) is a subcontrol within the System and Information Integrity (SI) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol focuses on the implementation of security measures to protect systems and data from malicious code, such as viruses, malware, and other harmful software.
Malicious Code Protection (SI.L1-3.14.2[a]) is a subcontrol within the System and Information Integrity (SI) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol emphasizes the importance of implementing security measures to protect systems and data from malicious code, such as viruses, malware, and other harmful software.
Flaw Remediation (SI.L1-3.14.1[f]) is a subcontrol within the System and Information Integrity (SI) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol emphasizes the importance of addressing and remediating software and hardware vulnerabilities promptly.
Flaw Remediation (SI.L1-3.14.1[e]) is a subcontrol within the System and Information Integrity (SI) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol underscores the importance of identifying, assessing, and promptly remediating software and hardware vulnerabilities to maintain system integrity and data security.
Flaw Remediation (SI.L1-3.14.1[d]) is a subcontrol within the System and Information Integrity (SI) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol emphasizes the importance of promptly addressing and remediating software and hardware vulnerabilities to maintain system integrity and data security.
Flaw Remediation (SI.L1-3.14.1[c]) is a subcontrol within the System and Information Integrity (SI) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol emphasizes the importance of promptly identifying, assessing, and remediating software and hardware vulnerabilities to uphold system integrity and data security.
Flaw Remediation (SI.L1-3.14.1[b]) is a subcontrol within the System and Information Integrity (SI) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol underscores the importance of promptly addressing and remediating software and hardware vulnerabilities to maintain system integrity and data security.
Flaw Remediation (SI.L1-3.14.1[a]) is a subcontrol within the System and Information Integrity (SI) control family of the Cybersecurity Maturity Model Certification (CMMC) Level 1. This subcontrol emphasizes the importance of promptly addressing and remediating software and hardware vulnerabilities to maintain system integrity and data security.