CMMC Practice - SC.1.175
Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
CMMC Practice - SC.1.176
Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
CMMC Practice - SC.3.177
Employ FIPS-validated cryptography when used to protect the confidentiality of “Controlled Unclassified Information” (CUI).
CMMC Practice - SC.2.178
Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device.
CMMC Practice - SC.2.179
Use encrypted sessions for the management of network devices.
CMMC Practice - SC.3.180
Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.
CMMC Practice - SC.3.181
Separate user functionality from system management functionality.
CMMC Practice - SC.3.182
Prevent unauthorized and unintended information transfer via shared system resources.
CMMC Practice - SC.3.183
Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
CMMC Practice - SC.3.184
Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).
CMMC Practice - SC.3.185
Implement cryptographic mechanisms to prevent unauthorized disclosure of “Controlled Unclassified Information” (CUI) during transmission unless otherwise protected by alternative physical safeguards.
CMMC Practice - SC.3.186
Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.
CMMC Practice - SC.3.187
Establish and manage cryptographic keys for cryptography employed in organizational systems.
CMMC Practice - SC.3.188
Control and monitor the use of mobile code.
CMMC Practice - SC.3.189
Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.
CMMC Practice - SC.3.190
Protect the authenticity of communications sessions.
CMMC Practice - SC.3.191
Protect the confidentiality of “Controlled Unclassified Information” (CUI) at rest.
CMMC Practice - SC.3.192
Implement Domain Name System (DNS) filtering services.
CMMC Practice - SC.3.193
Implement a policy restricting the publication of “Controlled Unclassified Information” (CUI) on externally-owned publicly accessible websites (e.g., Forums, LinkedIn, Facebook, Twitter, etc.).