CMMC Handbook / CMMC Domains
CMMC Access Control
Ensure that only authorized persons can access your systems and information.
CMMC Asset Management
Identify and document your system assets such as workstations and servers.
CMMC Audit and Accountability
Create, protect, and retain system logs, to monitor, analyze, investigate, and report unauthorized activity occurring on your systems.
CMMC Awareness and Training
Ensure that users have proper security training before being allowed to access or administer your systems and information.
CMMC Configuration Management
Securely configure and maintain your systems in accordance with best practices and prevent unauthorized changes from being made.
CMMC Identification and Authentication
Properly verify the identities of users, processes, and devices before allowing them to access your systems and information.
CMMC Incident Response
Build an incident response capability to react to cybersecurity incidents.
CMMC Maintenance
Schedule and perform authorized maintenance on your systems in accordance with manufacturer requirements.
CMMC Media Protection
Protect the confidentiality and integrity of digital media (e.g. hard drives) and non-digital media (e.g. paper).
CMMC Personnel Security
Minimize the risk your staff pose to your systems and information.
CMMC Physical Protection
Protect your facilities, personnel, and systems from physical threats such as unauthorized facility access.
CMMC Recovery
Develop recovery plans and implement backups to bring your systems back up and running after an interruption.
CMMC Risk Management
Assess the risks your systems face from various threats and vulnerabilities and develop plans to mitigate risk.
CMMC Security Assessment
Assess your current cybersecurity program and develop a system security plan to implement the required cybersecurity controls.
CMMC Situational Awareness
Monitor threats that may impact your systems and information.
CMMC System and Communications Protections
Implement encrypted communications and control communications to protect your data.
CMMC System and Information Integrity
Keep your systems updated with security patches to prevent malware infections, ensure that you have anti-malware software deployed and secure your email systems.