All CMMC 1.02 Level 1 Controls Explained скачать в хорошем качестве

All CMMC 1.02 Level 1 Controls Explained

In a previous video I gave you an overview of CMMC and explained how it’s a massive push by the Department of Defense to ensure that its contractors handle the information that they deal with on a daily basis in a more secure manner. LINKS: ____________________________________________ https://etactics.com/blog/cmmc-level-... ____________________________________________ I also explained that, even though the regulation isn’t going to be in effect until 2026...contractors need to start working towards CMMC now if they want to be able to bid on any future DoD contracts. If you haven’t seen that video, you should check it out...after you watch this one. Anyway, the majority of DoD contractors will fall under the first 3 levels of CMMC, based on how much controlled unclassified information (CUI) they deal with on a daily basis. The next question then is, what controls do you need to follow? One of the biggest takeaways to know about CMMC Level 1 is that process maturity isn’t assessed. They aren’t assessed because the implementation of the practices laid out within it dictates the process itself. As far as the practices at this stage go, all that’s required is a focus on “Basic Cyber Hygiene”. Luckily, the accreditation board defines that as following the safeguarding requirements as noted in 48 CFR 52.204-21. Although 48 CFR 52.204-21 provides actionable implementation steps for Level 1 contractors, processes need to integrate cybersecurity within the culture of the organization. It’s not something that only requires tick-markets on an implementation checklist. Now that the explanation portion is out of the way, let’s take a look at the required CMMC level 1 controls. The levels of CMMC determine the strictness of required safeguarding based on the sensitivity of the information processed down the supply chain. Each area of compliance that’s required exists in categorized buckets of controls called domains. Luckily for Level 1 contractors, only 6 of the 17 listed controls are required...Access Control (AC), Identification and Authentication (IA), Media Protection (MP), Physical Protection (PE), System and Communications Protection (SC), and System and Information Integrity (SI). The access control (AC) domain focuses on the tracking and understanding of who has access to your systems and network. This includes user privileges, remote access and internal system access. Luckily, the CMMC-AB defines the AC controls that Level 1 contractors must resolve…AC.1.001, AC.1.002, AC.1.003, AC.1.004 The Identification and Authentication (IA) domain focuses on the roles within your organization. It synergizes with the AC by ensuring that access to all systems and networks is traceable for reporting and accountability. There are only two IA control requirements for CMMC Level 1… IA.1.076 and IA.1.077 Media Protection focuses on identifying, tracking and ongoing maintenance of media. It also includes policies about protection, data sanitation and acceptable transportation. CMMC Level 1 contractors have only one MP control to focus on and it deals with sanitation of media devices…MP.1.118 Physical protection is often an overlooked domain for many organizations. Sure, most places implement a sign-in process, requiring card reader identification and access to certain portions of their location. Yet, not every organization supervises its visitors throughout their entire stay. PE helps organizations with that. CMMC Level 1 contractors must focus on the following PE controls… PE.1.131, PE.1.132, PE.1.133, and PE.1.134. Communication is an integral part of every organization. That communication between employees needs to be secure so that no bad actor may eavesdrop and record sensitive data. The System and Communication Protection (SC) domain focuses on the implementation of boundary level defense on an organizational communication level. CMMC Level 1 SC control requirements... SC.1.175 and SC 1.176 The last domain that relates to what’s required by Level 1 contractors is System and Information Integrity (SI). This domain focuses on the ongoing maintenance and management of issues within information systems. In other words, it enforces that organizations place efforts toward identifying malicious code, placing ongoing protections on email and system monitoring. CMMC Level 1 contractors must adhere to the following SI controls… SI.1.210, SI.1.211, SI.1.212 and SI.1.213. The introduction of CMMC in January of 2020 raised a lot of eyebrows. It’s a massive effort by the DoD to ensure that their contractors and those contractors’ supply chain vendors protect the information that they work with. ► Reach out to Etactics @ https://www.etactics.com​ ►Subscribe: https://rb.gy/pso1fq​ to learn more tips and tricks in healthcare, health IT, and cybersecurity. ►Find us on LinkedIn:   / etactics-inc​   ►Find us on Facebook:   / ​