List of Practices:

Below is our full collection of articles about the CMMC Practices. In these articles we dive into the CMMC Practice Guides and provide our thoughts about the practices and what contractors should consider. The CMMC ecosystem is still developing, and as those developments occur, we will update these articles accordingly. As such, we hope that these articles represent an evergreen CMMC resource.

AC.L1

  • (AC.L1-3.1.1) Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
  • (AC.L1-3.1.2) Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
  • (AC.L1-3.1.20) Verify and control/limit connections to and use of external information systems.
  • (AC.L1-3.1.22) Control information posted or processed on publicly accessible information systems.

IA.L1

  • (IA.L1-3.5.1) Identify information system users, processes acting on behalf of users, or devices.
  • (IA.L1-3.5.2) Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.

MP.L1

  • (MP.L1-3.8.3) Sanitize or destroy information system media containing Federal Contract Information [or Controlled Unclassified Information] before disposal or release for reuse.

PE.L1

  • (PE.L1-3.10.1) Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.
  • (PE.L1-3.10.3) Escort visitors and monitor visitor activity.
  • (PE.L1-3.10.4) Maintain audit logs of physical access.
  • (PE.L1-3.10.5) Control and manage physical access devices.

SC.L1

  • (SC.L1-3.13.1) Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
  • (SC.L1-3.13.5) Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.

SI.L1

  • (SI.L1-3.14.1) Identify, report, and correct information and information system flaws in a timely manner.
  • (SI.L1-3.14.2) Provide protection from malicious code at appropriate locations within organizational information systems.
  • (SI.L1-3.14.4) Update malicious code protection mechanisms when new releases are available.
  • (SI.L1-3.14.5) Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

After over three years of development, the Government published the CMMC Proposed Rule in the Federal Register on December 26, 2023.

The rule sets out numerous cybersecurity requirements for Department of Defense contractors, subcontractors, and adjacent industries.

Keiter’s Cybersecurity team can adapt to meet the needs of clients large and small while addressing the latest cybersecurity threats and providing critical insight into an organization’s cybersecurity footprint. Good cybersecurity starts with strong corporate governance and ends with properly trained staff and secured systems.

Keiter is a Registered Provider Organization (RPO) in the CMMC Marketplace.

Goodbye CMMC 1.0, Hello CMMC 2.0

In November of 2021, the Department of Defense announced a major overhaul to the Cybersecurity Maturity Model Certification (CMMC) program. The nascent cybersecurity compliance program came under criticism from the defense industrial base (DIB) because of its extensive requirements and onerous penalties.

The program changes result from an extensive internal review, which was prompted by over 850 public comments on the CMMC submitted during the public comment period in the fall of 2020, in addition to concerns raised by Congress.


Your Opportunity Advisors

Chris Moschella

Risk Advisory Services Senior Manager

Scott McAuliffe

Risk Advisory Services Partner
