CMMC 2.13
CMMC Practices
Each practice, grouped by domain and cross-referenced to the NIST controls that support it.
Domain: AC — Access Controlclear ✕
28 practices
AC
Access Control28AC.L1-b.1.iAuthorized Access Control [FCI Data]1 refL1AC.L1-b.1.iiTransaction & Function Control [FCI Data]1 refL1AC.L1-b.1.iiiExternal Connections [FCI Data]1 refL1AC.L1-b.1.ivControl Public Information [FCI Data]1 refL1AC.L2-3.1.1Authorized Access Control [CUI Data]1 refL2AC.L2-3.1.2Transaction & Function Control [CUI Data]1 refL2AC.L2-3.1.3Control CUI Flow1 refL2AC.L2-3.1.4Separation of Duties1 refL2AC.L2-3.1.5Least Privilege1 refL2AC.L2-3.1.6Non-Privileged Account Use1 refL2AC.L2-3.1.7Privileged Functions1 refL2AC.L2-3.1.8Unsuccessful Logon Attempts1 refL2AC.L2-3.1.9Privacy & Security Notices1 refL2AC.L2-3.1.10Session Lock1 refL2AC.L2-3.1.11Session Termination1 refL2AC.L2-3.1.12Control Remote Access1 refL2AC.L2-3.1.13Remote Access Confidentiality1 refL2AC.L2-3.1.14Remote Access Routing1 refL2AC.L2-3.1.15Privileged Remote Access1 refL2AC.L2-3.1.16Wireless Access Authorization1 refL2AC.L2-3.1.17Wireless Access Protection1 refL2AC.L2-3.1.18Mobile Device Connection1 refL2AC.L2-3.1.19Encrypt CUI on Mobile1 refL2AC.L2-3.1.20External Connections [CUI Data]1 refL2AC.L2-3.1.21Portable Storage Use1 refL2AC.L2-3.1.22Control Public Information [CUI Data]1 refL2AC.L3-3.1.2eOrganizationally Controlled AssetsL3AC.L3-3.1.3eSecured Information TransferL3
Looking for the underlying standards? Browse NIST SP 800-171, 800-172 & 800-53 →