Commonly Accepted and Practiced CMMC Operation Matrix
CAPCOM
The experimental CAPCOM serves as a repository for all CMMC Level 2 security requirements, assessment objectives, and AI-enhanced methodologies for evidence collection and evaluation. Powered by Claude's advanced Large Language Model technology, CAPCOM provides guidance for evaluating information system compliance with the Department of Defense's Cybersecurity Maturity Model Certification (CMMC) program. Security professionals and IT leaders can leverage this AI-enhanced model to systematically identify gaps between their organizational infrastructure and CMMC requirements, enabling strategic remediation planning and implementation.
DISCLAIMER: The LLM-based AI is pretty cool, but it can also create erroneous responses. Always double-check the response before using it.
For inquiries and reporting errors on this wiki, please contact us. Thank you.
Access Control (AC)
AC.L2-3.1.1 – Authorized Access Control [CUI Data]
| Practice and Assessment Objectives | LLM Prompt | LLM Response |
|---|---|---|
| AC.L2-3.1.1 Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). | Sample Prompt Template | N/A |
| [a] authorized users are identified. | Sample Prompt | Sample Response |
| [b] processes acting on behalf of authorized users are identified. | Sample Prompt | Sample Response |
| [c] devices (and other systems) authorized to connect to the system are identified. | Sample Prompt | Sample Response |
| [d] system access is limited to authorized users. | Sample Prompt | Sample Response |
| [e] system access is limited to processes acting on behalf of authorized users. | Sample Prompt | Sample Response |
| [f] system access is limited to authorized devices (including other systems). | Sample Prompt | Sample Response |