CMMC Practice Requirement:

Provide privacy and security notices consistent with applicable “Controlled Unclassified Information” (CUI) rules.

CMMC Requirement Explanation:

Your system users need to consent to your policies before using your system. System use notifications allow you to do this. You don't have to display all your policies but a high level overview is in order. This provides legal protection to your organization and informs users that they can be held accountable for the actions they take.

Example CMMC Implementation:

Create a privacy/security notice to display on your systems before users login. You can make the security notices appear on Windows workstations and servers using group policy. You can manually configure it on other systems such as Linux servers and network devices. Your notice should inform users of the following: You may monitor, record, and subject to audit any use of the system, unauthorized use of the system is prohibited, unauthorized use may be subject to criminal and civil penalties, by using the system users consent to monitoring and recording.


- Scenario 1:


Before an employee logs into their workstation they must click accept on your company's system use notification.
A system use notification on a Windows system.
A system use notification on a Windows system.

Discover Our NIST SP 800-171 Solutions:


Compliance Accelerator

For contractors seeking compliance

Quantum Assessor

For IT service providers

Supply Chain Verifier

For contractors seeking to verify partner compliance