CMMC Practice - AC.1.001
Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
CMMC Practice - AC.1.002
Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
CMMC Practice - AC.1.003
Verify and control/limit connections to and use of external information systems.
CMMC Practice - AC.1.004
Control information posted or processed on publicly accessible information systems.
CMMC Practice - AC.2.005
Provide privacy and security notices consistent with applicable “Controlled Unclassified Information” (CUI) rules.
CMMC Practice - AC.2.006
Limit use of portable storage devices on external systems.
CMMC Practice - AC.2.007
Employ the principle of least privilege, including for specific security functions and privileged accounts.
CMMC Practice - AC.2.008
Use non-privileged accounts or roles when accessing nonsecurity functions.
CMMC Practice - AC.2.009
Limit unsuccessful logon attempts.
CMMC Practice - AC.2.010
Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.
CMMC Practice - AC.2.011
Authorize wireless access prior to allowing such connections.
CMMC Practice - AC.3.012
Protect wireless access using authentication and encryption.
CMMC Practice - AC.2.013
Monitor and control remote access sessions.
CMMC Practice - AC.3.014
Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.
CMMC Practice - AC.2.015
Route remote access via managed access control points.
CMMC Practice - AC.2.016
Control the flow of Federal Contract Information in accordance with approved authorizations.
CMMC Practice - AC.3.017
Separate the duties of individuals to reduce the risk of malevolent activity without collusion.
CMMC Practice - AC.3.018
Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.
CMMC Practice - AC.3.019
Terminate (automatically) user sessions after a defined condition.
CMMC Practice - AC.3.020
Control connection of mobile devices.
CMMC Practice - AC.3.021
Authorize remote execution of privileged commands and remote access to security relevant information.
CMMC Practice - AC.3.022
Encrypt CUI on mobile devices and mobile computing platforms.