Commonly Accepted and Practiced CMMC Operation Matrix: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 11: | Line 11: | ||
! '''Practice and Assessment Objectives''' || '''LLM Prompt''' || '''LLM Response''' | ! '''Practice and Assessment Objectives''' || '''LLM Prompt''' || '''LLM Response''' | ||
|- | |- | ||
| [[ Practice_AC.L2-3.1.1_Details | '''AC.L2-3.1.1''' ]] Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). || [[ LLMPrompt_AC.L2-3.1.1 | Sample Prompt Template ]] || N/A | |||
|- | |- | ||
| [a] authorized users are identified. || | | [a] authorized users are identified. || [[ LLMPrompt_AC.L2-3.1.1.a | Sample Prompt ]] || [[ LLMResponse_AC.L2-3.1.1.a | Sample Response ]] | ||
|- | |- | ||
| [b] processes acting on behalf of authorized users are identified. || | | [b] processes acting on behalf of authorized users are identified. || [[ LLMPrompt_AC.L2-3.1.1.b | Sample Prompt ]] || [[ LLMResponse_AC.L2-3.1.1.b | Sample Response ]] | ||
|- | |- | ||
| [c] devices (and other systems) authorized to connect to the system are identified. || | | [c] devices (and other systems) authorized to connect to the system are identified. || [[ LLMPrompt_AC.L2-3.1.1.c | Sample Prompt ]] || [[ LLMResponse_AC.L2-3.1.1.c | Sample Response ]] | ||
|- | |- | ||
| [d] system access is limited to authorized users. || | | [d] system access is limited to authorized users. || [[ LLMPrompt_AC.L2-3.1.1.d | Sample Prompt ]] || [[ LLMResponse_AC.L2-3.1.1.d | Sample Response ]] | ||
|- | |- | ||
| [e] system access is limited to processes acting on behalf of authorized users. || | | [e] system access is limited to processes acting on behalf of authorized users. || [[ LLMPrompt_AC.L2-3.1.1.e | Sample Prompt ]] || [[ LLMResponse_AC.L2-3.1.1.e | Sample Response ]] | ||
|- | |- | ||
| [f] system access is limited to authorized devices (including other systems). || | | [f] system access is limited to authorized devices (including other systems). || [[ LLMPrompt_AC.L2-3.1.1.f | Sample Prompt ]] || [[ LLMResponse_AC.L2-3.1.1.f | Sample Response ]] | ||
|} | |} | ||
Revision as of 04:38, 28 March 2025
Commonly Accepted and Practiced CMMC Operating Model
The Commonly Accepted and Practiced CMMC Operating Model (CAPCOM) serves as the comprehensive repository for all CMMC Level 2 security requirements, assessment objectives, and methodologies for evidence collection and evaluation. Powered by Claude's advanced Large Language Model technology, CAPCOM provides guidance for evaluating information system compliance with the Department of Defense's Cybersecurity Maturity Model Certification program. Security professionals and IT leaders can leverage this AI-enhanced model to systematically identify gaps between their organizational infrastructure and CMMC requirements, enabling strategic remediation planning and implementation.
For inquiries and reporting errors on this wiki, please contact us. Thank you.
Access Control (AC)
AC.L2-3.1.1 – Authorized Access Control [CUI Data]
| Practice and Assessment Objectives | LLM Prompt | LLM Response |
|---|---|---|
| AC.L2-3.1.1 Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). | Sample Prompt Template | N/A |
| [a] authorized users are identified. | Sample Prompt | Sample Response |
| [b] processes acting on behalf of authorized users are identified. | Sample Prompt | Sample Response |
| [c] devices (and other systems) authorized to connect to the system are identified. | Sample Prompt | Sample Response |
| [d] system access is limited to authorized users. | Sample Prompt | Sample Response |
| [e] system access is limited to processes acting on behalf of authorized users. | Sample Prompt | Sample Response |
| [f] system access is limited to authorized devices (including other systems). | Sample Prompt | Sample Response |