Invalid Control ID entered.
CMMC v2.13 Practices
| Number | Practice |
|---|---|
| Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). | |
| Limit information system access to the types of transactions and functions that authorized users are permitted to execute. | |
| Verify and control/limit connections to and use of external information systems. | |
| Control information posted or processed on publicly accessible information systems. | |
| Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other information systems). | |
| Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity. | |
| Terminate (automatically) a user session after a defined condition. | |
| Monitor and control remote access sessions. | |
| Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. | |
| Route remote access via managed access control points. | |
| Authorize remote execution of privileged commands and remote access to security-relevant information. | |
| Authorize wireless access prior to allowing such connections. | |
| Protect wireless access using authentication and encryption. | |
| Control connection of mobile devices. | |
| Encrypt CUI on mobile devices and mobile computing platforms. | |
| Limit system access to the types of transactions and functions that authorized users are permitted to execute. | |
| Verify and control/limit connections to and use of external systems. | |
| Limit use of portable storage devices on external systems. | |
| Control CUI posted or processed on publicly accessible systems. | |
| Control the flow of CUI in accordance with approved authorizations. | |
| Separate the duties of individuals to reduce the risk of malevolent activity without collusion. | |
| Employ the principle of least privilege, including for specific security functions and privileged accounts. | |
| Use non-privileged accounts or roles when accessing nonsecurity functions. | |
| Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. | |
| Limit unsuccessful logon attempts. |