The CMMC Level 1, 17 Practices Identified and Explained

Welcome to this final entry regarding the 17 Practices within CMMC Level 1 compliance.  This article identifies the 6 Domains, containing 9 Capabilities and requiring 17 Practices to be active and integrated within the company operations in order to comply with 48 CFR 52.204-21 and to reach CMMC Level 1 compliance.  There are no Processes […]

CMMC V1.02 – SI.1.213 – Perform Periodic Scans of Information Systems

In our final entry of the Practices found in CMMC Level 1, within the Domain, System and Information Integrity, we cover SI.1.213 – Perform periodic scans of information systems and real-time scans of files from external sources as files are downloaded, opened or executed.  This Practice is found within the Capability, C041, Identify Malicious Content, […]

CMMC V1.02 – SI.1.212 – Update Malicious Code Protection Mechanisms

The third Practice within the System and Information Security, also falling under the Capability, C041, Identify Malicious Content, is SI.1.212 – Update Malicious Code Protection Mechanisms When New Releases are Available.  This Practice focuses on ensuring you protect your IT system with new security releases and monitoring your system regularly.  You can find the Practice […]

CMMC V1.02 – SI.1.211 – Provide Protection From Malicious Code

We now explore the 2nd Practice within the Domain, System and Information Integrity (SI), S.I.211 – Provide protection from malicious code at appropriate locations within organizational information systems. This Practice falls under the second Capability within the (SI) Domain, C041, Identify Malicious Content and can be found in the CMMC Appendix B, page B-238 (Page […]

CMMC V1.02 – SI.1.210: Identify, Report and Correct Information/Flaws in a Timely Manner

In this entry, we move into the final Domain for Level 1, System and Information Integrity (SI). This domain ensures that technology assets (e.g., desktops, software) that contain CUI are continuously monitored to detect violations of the authorized security state. Additionally, electronic mail (email), a common attack vector, is monitored and protected to detect malicious […]

CMMC V1.02 – SC.1.176 – Implement Subnetworks for Publicly Accessible System Components

The second Practice within the System and Communication Protection Domain is, SC.1. 176: implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. This Practice also falls within the Capability, C039 – Control Communications at System Boundaries.  This Practice, along with the following content, is found in the CMMC V1.02, […]

CMMC V1.02 – SC.1.175 – Monitor, Control, and Protect Organizational Communications

We continue our discussion of the Practices within CMMC, Level 1, with the next Domain, System and Communication Protection (SC). Within this Domain, there are 2 capabilities and 2 practices for Level 1 compliance.  System and Communications Protection activities ensure the organization is actively identifying, managing, and controlling all system and communication channels that store […]

CMMC V1.02 – PE.1.134 – Control and Manage Physical Access Devices

The final Practice within the Physical Security (PE) Domain and Capability, Limit Physical Access, is PE.1.134, Control and manage physical access devices.  This Practice focuses on who can access the physical equipment used to track physical access to a facility (e.g., locks, badging, key cards, etc.) and who is responsible for monitoring and managing access […]