NIST SP 800-171 & CMMC 2.0 - 3.1.1
Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
NIST SP 800-171 & CMMC 2.0 - 3.1.2
Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
NIST SP 800-171 & CMMC 2.0 - 3.1.20
Verify and control/limit connections to and use of external information systems.
NIST SP 800-171 & CMMC 2.0 - 3.1.22
Control information posted or processed on publicly accessible information systems.
NIST SP 800-171 & CMMC 2.0 - 3.1.9
Provide privacy and security notices consistent with applicable “Controlled Unclassified Information” (CUI) rules.
NIST SP 800-171 & CMMC 2.0 - 3.1.21
Limit use of portable storage devices on external systems.
NIST SP 800-171 & CMMC 2.0 - 3.1.5
Employ the principle of least privilege, including for specific security functions and privileged accounts.
NIST SP 800-171 & CMMC 2.0 - 3.1.6
Use non-privileged accounts or roles when accessing nonsecurity functions.
NIST SP 800-171 & CMMC 2.0 - 3.1.8
Limit unsuccessful logon attempts.
NIST SP 800-171 & CMMC 2.0 - 3.1.10
Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.
NIST SP 800-171 & CMMC 2.0 - 3.1.16
Authorize wireless access prior to allowing such connections.
NIST SP 800-171 & CMMC 2.0 - 3.1.17
Protect wireless access using authentication and encryption.
NIST SP 800-171 & CMMC 2.0 - 3.1.12
Monitor and control remote access sessions.
NIST SP 800-171 & CMMC 2.0 - 3.1.13
Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.
NIST SP 800-171 & CMMC 2.0 - 3.1.14
Route remote access via managed access control points.
NIST SP 800-171 & CMMC 2.0 - 3.1.3
Control the flow of CUI in accordance with approved authorizations.
NIST SP 800-171 & CMMC 2.0 - 3.1.4
Separate the duties of individuals to reduce the risk of malevolent activity without collusion.
NIST SP 800-171 & CMMC 2.0 - 3.1.7
Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.
NIST SP 800-171 & CMMC 2.0 - 3.1.11
Terminate (automatically) user sessions after a defined condition.
NIST SP 800-171 & CMMC 2.0 - 3.1.18
Control connection of mobile devices.
NIST SP 800-171 & CMMC 2.0 - 3.1.15
Authorize remote execution of privileged commands and remote access to security-relevant information.
NIST SP 800-171 & CMMC 2.0 - 3.1.19
Encrypt CUI on mobile devices and mobile computing platforms.