Level 1 Assessment Guide: Difference between revisions
No edit summary |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
'''Source of Reference: The official [https:// | '''Source of Reference: The official [https://dodcio.defense.gov/CMMC/Documentation/ CMMC Level 1 Self-Assessment Guide] from the Department of Defense Chief Information Officer (DoD CIO).''' | ||
For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. | For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you. | ||
Line 169: | Line 169: | ||
|'''SECURITY REQUIREMENT''' | |'''SECURITY REQUIREMENT''' | ||
Control and manage physical access devices. | Control and manage physical access devices. | ||
|- | |- | ||
|'''ASSESSMENT OBJECTIVES''' | |'''ASSESSMENT OBJECTIVES''' | ||
Line 176: | Line 174: | ||
: [b] physical access devices are controlled; and | : [b] physical access devices are controlled; and | ||
: [c] physical access devices are managed. | : [c] physical access devices are managed. | ||
|- | |||
|[[DoD_Assessment_Methodology|DoD Assessment Scoring Value]]: '''1''' | |||
|- | |- | ||
|[[Practice_PE.L1-3.10.5_Details|More Practice Details...]] | |[[Practice_PE.L1-3.10.5_Details|More Practice Details...]] |
Latest revision as of 23:34, 30 November 2022
Source of Reference: The official CMMC Level 1 Self-Assessment Guide from the Department of Defense Chief Information Officer (DoD CIO).
For inquiries and reporting errors on this wiki, please contact us. Thank you.
Access Control (AC)
Level 1 AC Practices
AC.L1-3.1.1 - AUTHORIZED ACCESS CONTROL
SECURITY REQUIREMENT
Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 5 |
More Practice Details... |
AC.L1-3.1.2 - TRANSACTION & FUNCTION CONTROL
SECURITY REQUIREMENT
Limit information system access to the types of transactions and functions that authorized users are permitted to execute. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 5 |
More Practice Details... |
AC.L1-3.1.20 - EXTERNAL CONNECTIONS
SECURITY REQUIREMENT
Verify and control/limit connections to and use of external information systems. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 1 |
More Practice Details... |
AC.L1-3.1.22 - CONTROL PUBLIC INFORMATION
SECURITY REQUIREMENT
Control information posted or processed on publicly accessible information systems. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 1 |
More Practice Details... |
Identification and Authentication (IA)
Level 1 IA Practices
IA.L1-3.5.1 – IDENTIFICATION
SECURITY REQUIREMENT
Identify information system users, processes acting on behalf of users, or devices. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 5 |
More Practice Details... |
IA.L1-3.5.2 – AUTHENTICATION
SECURITY REQUIREMENT
Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 5 |
More Practice Details... |
Media Protection (MP)
Level 1 MP Practices
MP.L1-3.8.3 – MEDIA DISPOSAL
SECURITY REQUIREMENT
Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 5 |
More Practice Details... |
Physical Protection (PE)
Level 1 PE Practices
PE.L1-3.10.1 – LIMIT PHYSICAL ACCESS
SECURITY REQUIREMENT
Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 5 |
More Practice Details... |
PE.L1-3.10.3 – ESCORT VISITORS
SECURITY REQUIREMENT
Escort visitors and monitor visitor activity. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 1 |
More Practice Details... |
PE.L1-3.10.4 – PHYSICAL ACCESS LOGS
SECURITY REQUIREMENT
Maintain audit logs of physical access. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 1 |
More Practice Details... |
PE.L1-3.10.5 – MANAGE PHYSICAL ACCESS
SECURITY REQUIREMENT
Control and manage physical access devices. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 1 |
More Practice Details... |
System and Communications Protection (SC)
Level 1 SC Practices
SC.L1-3.13.1 – BOUNDARY PROTECTION
SECURITY REQUIREMENT
Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 5 |
More Practice Details... |
SC.L1-3.13.5 – PUBLIC-ACCESS SYSTEM SEPARATION
SECURITY REQUIREMENT
Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 5 |
More Practice Details... |
System and Information Integrity (SI)
Level 1 SI Practices
SI.L1-3.14.1 – FLAW REMEDIATION
SECURITY REQUIREMENT
Identify, report, and correct information and information system flaws in a timely manner. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 5 |
More Practice Details... |
SI.L1-3.14.2 – MALICIOUS CODE PROTECTION
SECURITY REQUIREMENT
Provide protection from malicious code at appropriate locations within organizational information systems. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 5 |
More Practice Details... |
SI.L1-3.14.4 – UPDATE MALICIOUS CODE PROTECTION
SECURITY REQUIREMENT
Update malicious code protection mechanisms when new releases are available. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 5 |
More Practice Details... |
SI.L1-3.14.5 – SYSTEM & FILE SCANNING
SECURITY REQUIREMENT
Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. |
ASSESSMENT OBJECTIVES
|
DoD Assessment Scoring Value: 3 |
More Practice Details... |