CMMC Practice - SC.1.175

Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.

CMMC Practice - SC.1.176

Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.

CMMC Practice - SC.3.177

Employ FIPS-validated cryptography when used to protect the confidentiality of “Controlled Unclassified Information” (CUI).

CMMC Practice - SC.2.178

Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device.

CMMC Practice - SC.2.179

Use encrypted sessions for the management of network devices.

CMMC Practice - SC.3.180

Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.

CMMC Practice - SC.3.181

Separate user functionality from system management functionality.

CMMC Practice - SC.3.182

Prevent unauthorized and unintended information transfer via shared system resources.

CMMC Practice - SC.3.183

Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).

CMMC Practice - SC.3.184

Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).

CMMC Practice - SC.3.185

Implement cryptographic mechanisms to prevent unauthorized disclosure of “Controlled Unclassified Information” (CUI) during transmission unless otherwise protected by alternative physical safeguards.

CMMC Practice - SC.3.186

Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.

CMMC Practice - SC.3.187

Establish and manage cryptographic keys for cryptography employed in organizational systems.

CMMC Practice - SC.3.188

Control and monitor the use of mobile code.

CMMC Practice - SC.3.189

Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.

CMMC Practice - SC.3.190

Protect the authenticity of communications sessions.

CMMC Practice - SC.3.191

Protect the confidentiality of “Controlled Unclassified Information” (CUI) at rest.

CMMC Practice - SC.3.192

Implement Domain Name System (DNS) filtering services.

CMMC Practice - SC.3.193

Implement a policy restricting the publication of “Controlled Unclassified Information” (CUI) on externally-owned publicly accessible websites (e.g., Forums, LinkedIn, Facebook, Twitter, etc.).