CMMC Practice - AC.1.001

Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).

CMMC Practice - AC.1.002

Limit information system access to the types of transactions and functions that authorized users are permitted to execute.

CMMC Practice - AC.1.003

Verify and control/limit connections to and use of external information systems.

CMMC Practice - AC.1.004

Control information posted or processed on publicly accessible information systems.

CMMC Practice - AC.2.005

Provide privacy and security notices consistent with applicable “Controlled Unclassified Information” (CUI) rules.

CMMC Practice - AC.2.006

Limit use of portable storage devices on external systems.

CMMC Practice - AC.2.007

Employ the principle of least privilege, including for specific security functions and privileged accounts.

CMMC Practice - AC.2.008

Use non-privileged accounts or roles when accessing nonsecurity functions.

CMMC Practice - AC.2.009

Limit unsuccessful logon attempts.

CMMC Practice - AC.2.010

Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.

CMMC Practice - AC.2.011

Authorize wireless access prior to allowing such connections.

CMMC Practice - AC.3.012

Protect wireless access using authentication and encryption.

CMMC Practice - AC.2.013

Monitor and control remote access sessions.

CMMC Practice - AC.3.014

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.

CMMC Practice - AC.2.015

Route remote access via managed access control points.

CMMC Practice - AC.2.016

Control the flow of Federal Contract Information in accordance with approved authorizations.

CMMC Practice - AC.3.017

Separate the duties of individuals to reduce the risk of malevolent activity without collusion.

CMMC Practice - AC.3.018

Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.

CMMC Practice - AC.3.019

Terminate (automatically) user sessions after a defined condition.

CMMC Practice - AC.3.020

Control connection of mobile devices.

CMMC Practice - AC.3.021

Authorize remote execution of privileged commands and remote access to security relevant information.

CMMC Practice - AC.3.022

Encrypt CUI on mobile devices and mobile computing platforms.