CSF Identifiers

From CMMC Toolkit Wiki
Revision as of 20:58, 9 April 2023 by Wikiadmin (talk | contribs)
Jump to navigation Jump to search
Function Unique Identifier Function Category Unique Identifier Category
ID Identify ID.AM Asset Management
ID.BE Business Environment
ID.GV Governance
ID.RA Risk Assessment
ID.RM Risk Management Strategy
ID.SC Business Environment
PR Protect PR.AC Identity Management and Access Control
PR.AT Awareness and Training
PR.DS Data Security
PR.IP Information Protection Processes and Procedures
PR.MA Maintenance
PR.PT Protective Technology
DE Detect DE.AE Anomalies and Events
DE.CM Security Continuous Monitoring
DE.DP Detection Process
Specialized Assets
  • Assets that may or may not process, store, or transmit CUI
  • Assets include: government property, Internet of Things (IoT) devices, Operational Technology (OT), Restricted Information Systems, and Test Equipment
  • Review the SSP in accordance with practice CA.L2-3.12.4
  • Do not assess against other CMMC practices
Assets that are not in the CMMC Assessment Scope
Out-of-Scope Assets
  • Assets that cannot process, store, or transmit CUI
  • Assets are required to be physically or logically separated from CUI assets
  • None
Retrieved from "https://cmmcwiki.org/index.php?title=CSF_Identifiers&oldid=584"