Commonly Accepted and Practiced CMMC Operation Matrix
Commonly Accepted and Practiced CMMC Operating Model
The Commonly Accepted and Practiced CMMC Operating Model (CAPCOM) serves as the comprehensive repository for all CMMC Level 2 security requirements, assessment objectives, and methodologies for evidence collection and evaluation. Powered by Claude's advanced Large Language Model technology, CAPCOM provides guidance for evaluating information system compliance with the Department of Defense's Cybersecurity Maturity Model Certification program. Security professionals and IT leaders can leverage this AI-enhanced model to systematically identify gaps between their organizational infrastructure and CMMC requirements, enabling strategic remediation planning and implementation.
For inquiries and reporting errors on this wiki, please contact us. Thank you.
Access Control (AC)
AC.L2-3.1.1 – Authorized Access Control [CUI Data]
| Practice and Assessment Objectives | LLM Prompt | LLM Response |
|---|---|---|
| AC.L2-3.1.1 Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). | Sample Prompt Template | N/A |
| [a] authorized users are identified. | Sample Prompt | Sample Response |
| [b] processes acting on behalf of authorized users are identified. | Sample Prompt | Sample Response |
| [c] devices (and other systems) authorized to connect to the system are identified. | Sample Prompt | Sample Response |
| [d] system access is limited to authorized users. | Sample Prompt | Sample Response |
| [e] system access is limited to processes acting on behalf of authorized users. | Sample Prompt | Sample Response |
| [f] system access is limited to authorized devices (including other systems). | Sample Prompt | Sample Response |