Forum
Notifications
Clear all
CMMC Level II
Posts
Answers
Questions
Configuration Management (CM) Level II Practice
- Subforums:
- CM.2.Intro - Domain Configuration Management (CM) Level II
- CM.2.061--Establish and maintain baseline configurations and inventories of organizational systems (including hardware , software , firmware and documen
- CM.2.062--Employ the principle of least functionality by configuring organizational systems to provide only essential capabilities.
- CM.2.063--Control and monitor user-installed software.
- CM.2.064--Establish and enforce security configuration settings for information technology products employed in organizational systems.
- CM.2.065--Track , review , approve or disapprove and log changes to organizational systems.
- CM.2.066--Analyze the security impact of changes prior to implementation.
0
0
0
Incident Response (IR) Level II Practice
- Subforums:
- IR.2. Intro - Domain Incident Response (IR) Level II
- IR.2.092--Establish an operational incident-handling capability for organizational systems that includes preparation , detection , analysis , containment
- IR.2.093--Detect and report events.
- IR.2.094--Analyze and triage events to support event resolution and incident declaration.
- IR.2.095--Develop and implement responses to declared incidents according to pre- defined procedures.
- IR.2.097--Perform root cause analysis on incidents to determine underlying causes.
0
0
0
Maintenance (MA) Level II Practice
- Subforums:
- MA.2 Intro - Domain Maintenance (MA) Level II
- MA.2.111--Perform maintenance on organizational systems.
- MA.2.112--Provide controls on the tools , techniques , mechanisms and personnel used to conduct system maintenance.
- MA.2.113--Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connection
- MA.2.114--Supervise the maintenance activities of personnel without required access authorization.
0
0
0
Risk Management (RM) Level II Practice
- Subforums:
- RM.2 Intro - Domain Risk Management (RM) Level II
- RM.2.141--Periodically assess the risk to organizational operations (including mission , functions , image or reputation) , organizational assets and ind
- RM.2.142--Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and ap
- RM.2.143--Remediate vulnerabilities in accordance with risk assessments.
0
0
0
Personnel Security (PS) Level II Practice
- Subforums:
- PS.2.Intro - Domain Personnel Security (PS) Level II
- PS.2.127--Screen individuals prior to authorizing access to organizational systems containing CUI.
- PS.2.128--Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers.
0
0
0
Awareness & Training (AT) Level II Practice
- Subforums:
- AT.2 Intro - Domain Awareness & Training (AT) Level II
- AT.2.056--Ensure that managers , system administrators and users of organizational systems are made aware of the security risks associated with their a
- AT.2.057--Ensure that personnel are trained to carry out their assigned information security- related duties and responsibilities.
0
0
0
Access Control (AC) Level II Practice
- Subforums:
- AC.2 Intro - Domain Access Control Level II
- AC.2.005--Provide privacy and security notices consistent with applicable Controlled Unclassified Information (CUI) rules.
- AC.2.006--Limit use of portable storage devices on external systems.
- AC.2.007--Employ the principle of least privilege , including for specific security functions and privileged accounts.
- AC.2.008--Use non-privileged accounts or roles when accessing nonsecurity functions.
- AC.2.009--Limit unsuccessful logon attempts.
- AC.2.010--Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.
- AC.2.011--Authorize wireless access prior to allowing such connections.
- AC.2.013--Monitor and control remote access sessions.
- AC.2.015--Route remote access via managed access control points.
- AC.2.016--Control the flow of CUI in accordance with approved authorizations.
0
0
0
System & Information Integrity (SI) Level II Practice
- Subforums:
- SI.2 Intro - System & Information Integrity (SI) Level II
- SI.2.214--Monitor system security alerts and advisories and take action in response.
- SI.2.216--Monitor organizational systems , including inbound and outbound communications traffic , to detect attacks and indicators of potential attacks
- SI.2.217--Identify unauthorized use of organizational systems.
0
0
0
Audit & Accountability (AU) Level II Practice
- Subforums:
- AU.2. Intro - Domain Audit & Accountability (AU) Level II
- AU.2.041--Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
- AU.2.042--Create and retain system audit logs and records to the extent needed to enable the monitoring , analysis , investigation and reporting of unla
- AU.2.043--Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for a
- AU.2.044--Review audit logs.
0
0
0
Identification & Authentication (IA) Level II Practice
- Subforums:
- IA.2 Intro - Domain Identification & Authentication (IA) Level II
- IA.2.078--Enforce a minimum password complexity and change of characters when new passwords are created.
- IA.2.079--Prohibit password reuse for a specified number of generations.
- IA.2.080--Allow temporary password use for system logons with an immediate change to a permanent password.
- IA.2.081--Store and transmit only cryptographically- protected passwords.
- IA.2.082--Obscure feedback of authentication information.
0
0
0
Media Protection (MP) Level II Practice
- Subforums:
- MP.2.Intro - Domain Media Protection (MP) Level II
- MP.2.119--Protect (e.g. , physically control and securely store) system media containing Federal Contract Information , both paper and digital.
- MP.2.120--Limit access to CUI on system media to authorized users.
- MP.2.121--Control the use of removable media on system components.
0
0
0
Security Assessment (CA) Level II Practice
- Subforums:
- CA.2 Intro - Domain Security Assessment (CA) Level II
- CA.2.157--Develop , document and periodically update System Security Plans (SSPs) that describe system boundaries , system environments of operation , ho
- CA.2.158--Periodically assess the security controls in organizational systems to determine if the controls are effective in their application.
- CA.2.159--Develop and implement plans of action (e.g. , POA&M) designed to correct deficiencies and reduce or eliminate vulnerabilities in organiza
0
0
0
No topics were found here
Forum Statistics
377
Forums
3
Topics
6
Posts
0
Online
8
Members
Latest Post: How do I do such and Such? Our newest member: Arthurvop Recent Posts Unread Posts
