General overview of CMMC requirements
CMMC domain | Capability |
Access Control (AC) | Establish system access requirements; Control internal system access; Control remote system access; Limit data access to authorized users and processes |
Asset Management (AM) | Identify and document assets |
Audit and Accountability (AU) | Define audit requirements; Perform auditing; Identify and protect audit information; Review and manage audit logs |
Awareness and Training (AT) | Conduct security awareness activities; Conduct training |
Configuration Management (CM) | Establish configuration baselines; Perform configuration and change management |
Identification and Authentication (IA) | Grant access to authenticated entities |
Incident Response (IR) | Plan incident response; Detect and report events; Develop/implement response to a declared incident; Perform post-incident reviews; Test incident response |
Maintenance (MA) | Manage maintenance |
Media Protection (MP) | Identify and mark media; Protect and control media; Sanitize media; Protect media during transport |
Personnel Security (PS) | Screen personnel; Protect CUI during personnel actions |
Physical Protection (PE) | Limit physical access |
Recovery (RE) | Manage back-ups |
Risk Management (RM) | Identify and evaluate risk; Manage risk |
Security Assessment (CA) | Develop and manage a system security plan (SSP); Define and manage controls; Perform code reviews |
Situational Awareness (SA) | Implement threat monitoring |
System and Communications Protection (SC) | Define security requirements for systems and communications; Control communications at system boundaries |
System and Information Integrity (SI) | Identify and manage information system flaws; Identify malicious content; Perform network and system monitoring; Implement advanced email protections |
Let’s make our US supply chain stronger! If you need help with implementation, reach out to us at 603-742-1118 or use this form: https://resolvetech.biz/contact/