General overview of CMMC requirements

| CMMC domain | Capability |
| --- | --- |
| Access Control (AC) | Establish system access requirements |
| | Control internal system access |
| | Control remote system access |
| | Limit data access to authorized users and processes |
| Asset Management (AM) | Identify and document assets |
| Audit and Accountability (AU) | Define audit requirements |
| | Perform auditing |
| | Identify and protect audit information |
| | Review and manage audit logs |
| Awareness and Training (AT) | Conduct security awareness activities |
| | Conduct training |
| Configuration Management (CM) | Establish configuration baselines |
| | Perform configuration and change management |
| Identification and Authentication (IA) | Grant access to authenticated entities |
| Incident Response (IR) | Plan incident response |
| | Detect and report events |
| | Develop/implement response to a declared incident |
| | Perform post incident reviews |
| | Test incident response |
| Maintenance (MA) | Manage maintenance |
| Media Protection (MP) | Identify and mark media |
| | Protect and control media |
| | Sanitize media |
| | Protect media during transport |
| Personnel Security (PS) | Screen personnel |
| | Protect CUI during personnel actions |
| Physical Protection (PE) | Limit physical access |
| Recovery (RE) | Manage back-ups |
| Risk Management (RM) | Identify and evaluate risk |
| | Manage risk |
| Security Assessment (CA) | Develop and manage a system security plan (SSP) |
| | Define and manage controls |
| | Perform code reviews |
| Situational Awareness (SA) | Implement threat monitoring |
| System and Communications Protection (SC) | Define security requirements for systems/comm. |
| | Control communications at system boundaries |
| System and Information Integrity (SI) | Identify and manage information system flaws |
| | Identify malicious content |
| | Perform network and system monitoring |
| | Implement advanced email protections |

Let’s make our US supply chain stronger! If you need help with implementation, reach out to us at 603-742-1118 or use this form.