Level 1 Assessment Guide
Source of Reference: The official CMMC Level 1 Self-Assessment Guide from the Office of the Under Secretary of Defense Acquisition & Sustainment.
For inquiries and reporting errors on this wiki, please contact us. Thank you.
Access Control (AC)
Level 1 AC Practices
AC.L1-3.1.1 - AUTHORIZED ACCESS CONTROL
SECURITY REQUIREMENT
Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). |
ASSESSMENT OBJECTIVES
|
More Practice Details... |
AC.L1-3.1.2 - TRANSACTION & FUNCTION CONTROL
SECURITY REQUIREMENT
Limit information system access to the types of transactions and functions that authorized users are permitted to execute. |
ASSESSMENT OBJECTIVES
|
More Practice Details... |
AC.L1-3.1.20 - EXTERNAL CONNECTIONS
SECURITY REQUIREMENT
Verify and control/limit connections to and use of external information systems. |
ASSESSMENT OBJECTIVES
|
More Practice Details... |
AC.L1-3.1.22 - CONTROL PUBLIC INFORMATION
SECURITY REQUIREMENT
Control information posted or processed on publicly accessible information systems. |
ASSESSMENT OBJECTIVES
|
More Practice Details... |
Identification and Authentication (IA)
Level 1 IA Practices
IA.L1-3.5.1 – IDENTIFICATION
SECURITY REQUIREMENT
Identify information system users, processes acting on behalf of users, or devices.ASSESSMENT OBJECTIVES
|
More Practice Details... |
IA.L1-3.5.2 – AUTHENTICATION
SECURITY REQUIREMENT
Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. |
ASSESSMENT OBJECTIVES
prerequisite to system access; and
verified as a prerequisite to system access. |
More Practice Details... |
Media Protection (MP)
Level 1 MP Practices
MP.L1-3.8.3 – MEDIA DISPOSAL
SECURITY REQUIREMENT
Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse. |
ASSESSMENT OBJECTIVES
|
More Practice Details... |
Physical Protection (PE)
Level 1 PE Practices
PE.L1-3.10.1 – LIMIT PHYSICAL ACCESS
SECURITY REQUIREMENT
Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals. |
ASSESSMENT OBJECTIVES
|
More Practice Details... |
PE.L1-3.10.3 – ESCORT VISITORS
SECURITY REQUIREMENT
Escort visitors and monitor visitor activity. |
ASSESSMENT OBJECTIVES
|
More Practice Details... |
PE.L1-3.10.4 – PHYSICAL ACCESS LOGS
SECURITY REQUIREMENT
Maintain audit logs of physical access. |
ASSESSMENT OBJECTIVES
|
More Practice Details... |
PE.L1-3.10.5 – MANAGE PHYSICAL ACCESS
SECURITY REQUIREMENT
Control and manage physical access devices. |
ASSESSMENT OBJECTIVES
|
More Practice Details... |
System and Communications Protection (SC)
Level 1 SC Practices
SC.L1-3.13.1 – BOUNDARY PROTECTION
SECURITY REQUIREMENT
Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. |
ASSESSMENT OBJECTIVES
|
More Practice Details... |
SC.L1-3.13.5 – PUBLIC-ACCESS SYSTEM SEPARATION
SECURITY REQUIREMENT
Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. |
ASSESSMENT OBJECTIVES
separated from internal networks. |
More Practice Details... |
System and Information Integrity (SI)
Level 1 SI Practices
SI.L1-3.14.1 – FLAW REMEDIATION
SECURITY REQUIREMENT
Identify, report, and correct information and information system flaws in a timely manner.ASSESSMENT OBJECTIVES
|
More Practice Details... |
SI.L1-3.14.2 – MALICIOUS CODE PROTECTION
SECURITY REQUIREMENT
Provide protection from malicious code at appropriate locations within organizational information systems. |
ASSESSMENT OBJECTIVES
|
More Practice Details... |
SI.L1-3.14.4 – UPDATE MALICIOUS CODE PROTECTION
SECURITY REQUIREMENT
Update malicious code protection mechanisms when new releases are available.ASSESSMENT OBJECTIVES
|
More Practice Details... |
SI.L1-3.14.5 – SYSTEM & FILE SCANNING
SECURITY REQUIREMENT
Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. |
ASSESSMENT OBJECTIVES
opened, or executed are performed. |
More Practice Details... |