Learn

cmmc-l2

Browse 110 published controls in this framework.

Control IDTitle
AC.L2-3.1.1CMMC AC.L2-3.1.1: Authorized Access Control | GRCWatch
AC.L2-3.1.10Session Lock Control (AC.L2-3.1.10) | CMMC Level 2
AC.L2-3.1.11CMMC AC.L2-3.1.11 Session Termination Control
AC.L2-3.1.12AC.L2-3.1.12: Monitor & Control Remote Access | CMMC
AC.L2-3.1.13AC.L2-3.1.13: Remote Access Confidentiality | CMMC Level 2
AC.L2-3.1.14AC.L2-3.1.14: Remote Access Routing | CMMC Level 2
AC.L2-3.1.15CMMC AC.L2-3.1.15: Privileged Remote Access Control
AC.L2-3.1.16CMMC AC.L2-3.1.16: Wireless Access Authorization
AC.L2-3.1.17AC.L2-3.1.17: Wireless Access Protection | CMMC Level 2
AC.L2-3.1.18CMMC AC.L2-3.1.18: Mobile Device Connection Control
AC.L2-3.1.19CMMC AC.L2-3.1.19: Encrypt CUI on Mobile Devices
AC.L2-3.1.2AC.L2-3.1.2: Transaction & Function Control | CMMC Level 2
AC.L2-3.1.20CMMC AC.L2-3.1.20: Control External System Connections
AC.L2-3.1.21CMMC AC.L2-3.1.21: Portable Storage Device Control
AC.L2-3.1.22CMMC AC.L2-3.1.22: Control Public Information
AC.L2-3.1.3CMMC AC.L2-3.1.3: Control CUI Flow | GRCWatch
AC.L2-3.1.4CMMC AC.L2-3.1.4: Separation of Duties Control
AC.L2-3.1.5CMMC AC.L2-3.1.5 Least Privilege Control
AC.L2-3.1.6CMMC AC.L2-3.1.6: Non-Privileged Account Use Control
AC.L2-3.1.7CMMC AC.L2-3.1.7: Privileged Functions Control
AC.L2-3.1.8CMMC AC.L2-3.1.8: Limit Unsuccessful Login Attempts
AC.L2-3.1.9CMMC AC.L2-3.1.9: Privacy & Security Notices Compliance
AT.L2-3.2.1CMMC AT.L2-3.2.1: Role-Based Risk Awareness Control
AT.L2-3.2.2CMMC AT.L2-3.2.2 Role-Based Training Control
AT.L2-3.2.3CMMC AT.L2-3.2.3 Insider Threat Awareness Training
AU.L2-3.3.1CMMC AU.L2-3.3.1: System Auditing Control Guide
AU.L2-3.3.2CMMC AU.L2-3.3.2: User Accountability Control
AU.L2-3.3.3AU.L2-3.3.3 Event Review | CMMC Level 2
AU.L2-3.3.4AU.L2-3.3.4 Audit Failure Alerting | CMMC Level 2
AU.L2-3.3.5CMMC AU.L2-3.3.5 Audit Correlation Control
AU.L2-3.3.6CMMC AU.L2-3.3.6: Audit Record Reduction & Reporting
AU.L2-3.3.7CMMC AU.L2-3.3.7: Authoritative Time Source Compliance
AU.L2-3.3.8CMMC L2 AU.L2-3.3.8: Audit Protection Control
AU.L2-3.3.9CMMC AU.L2-3.3.9 Audit Management | GRCWatch
CA.L2-3.12.1CMMC CA.L2-3.12.1: Security Control Assessment
CA.L2-3.12.2CMMC 2.0 CA.L2-3.12.2: Plan of Action Control
CA.L2-3.12.3CMMC CA.L2-3.12.3: System Security Plan Monitoring
CA.L2-3.12.4CMMC L2 CA.L2-3.12.4: System Security Plan Development
CM.L2-3.4.1System Baselining | CMMC Level 2 CM.L2-3.4.1
CM.L2-3.4.2CMMC L2 CM.L2-3.4.2: Security Configuration Enforcement
CM.L2-3.4.3CMMC L2 CM.L2-3.4.3: System Change Control
CM.L2-3.4.4CMMC L2 CM.L2-3.4.4: Security Impact Analysis
CM.L2-3.4.5CMMC L2 CM.L2-3.4.5: Access Restrictions for Change
CM.L2-3.4.6CMMC CM.L2-3.4.6 Least Functionality Control
CM.L2-3.4.7CMMC CM.L2-3.4.7: Disable Nonessential Functions
CM.L2-3.4.8CMMC L2 CM.L2-3.4.8: Application Execution Policy
CM.L2-3.4.9CMMC CM.L2-3.4.9: Control User-Installed Software
IA.L2-3.5.1CMMC IA.L2-3.5.1: User Identification Control
IA.L2-3.5.10CMMC IA.L2-3.5.10: Cryptographically-Protected Passwords
IA.L2-3.5.11CMMC IA.L2-3.5.11: Obscure Authentication Feedback
IA.L2-3.5.2CMMC L2 IA.L2-3.5.2: User Authentication Control
IA.L2-3.5.3CMMC IA.L2-3.5.3: Multifactor Authentication Requirements
IA.L2-3.5.4CMMC IA.L2-3.5.4: Replay-Resistant Authentication
IA.L2-3.5.5CMMC IA.L2-3.5.5: Identifier Reuse Control Guide
IA.L2-3.5.6CMMC IA.L2-3.5.6: Disable Identifiers After Inactivity
IA.L2-3.5.7CMMC IA.L2-3.5.7 Password Complexity Control
IA.L2-3.5.8CMMC IA.L2-3.5.8: Password Reuse Control Guide
IA.L2-3.5.9CMMC IA.L2-3.5.9 Temporary Password Control
IR.L2-3.6.1CMMC IR.L2-3.6.1 Incident Handling Control Guide
IR.L2-3.6.2CMMC L2 IR.L2-3.6.2 Incident Reporting | GRCWatch
IR.L2-3.6.3IR.L2-3.6.3 Incident Response Testing | CMMC Level 2
MA.L2-3.7.1CMMC MA.L2-3.7.1: System Maintenance Control
MA.L2-3.7.2CMMC MA.L2-3.7.2 System Maintenance Control | GRCWatch
MA.L2-3.7.3CMMC MA.L2-3.7.3: Equipment Sanitization Control
MA.L2-3.7.4CMMC MA.L2-3.7.4 Media Inspection Control
MA.L2-3.7.5CMMC MA.L2-3.7.5: Nonlocal Maintenance & MFA
MA.L2-3.7.6CMMC 2.0 MA.L2-3.7.6: Maintenance Personnel Supervision
MP.L2-3.8.1CMMC MP.L2-3.8.1 Media Protection Control
MP.L2-3.8.2CMMC MP.L2-3.8.2: Media Access Control
MP.L2-3.8.3CMMC MP.L2-3.8.3: Media Disposal & Sanitization
MP.L2-3.8.4CMMC MP.L2-3.8.4 Media Markings Control | GRCWatch
MP.L2-3.8.5CMMC L2 MP.L2-3.8.5: Media Accountability Control
MP.L2-3.8.6CMMC MP.L2-3.8.6: Portable Storage Encryption
MP.L2-3.8.7CMMC MP.L2-3.8.7: Removable Media Control
MP.L2-3.8.8CMMC MP.L2-3.8.8 Shared Media Control
MP.L2-3.8.9CMMC MP.L2-3.8.9: Protect Backups | Compliance Guide
PE.L2-3.10.1PE.L2-3.10.1: Limit Physical Access | CMMC Level 2
PE.L2-3.10.2CMMC PE.L2-3.10.2: Monitor Facility Control
PE.L2-3.10.3CMMC L2 Visitor Control: Escort & Monitor Requirements
PE.L2-3.10.4CMMC PE.L2-3.10.4 Physical Access Logs | Audit Trail Requirements
PE.L2-3.10.5CMMC PE.L2-3.10.5: Manage Physical Access Devices
PE.L2-3.10.6CMMC PE.L2-3.10.6 Alternative Work Sites Control
PS.L2-3.9.1CMMC PS.L2-3.9.1: Screen Individuals for CUI Access
PS.L2-3.9.2CMMC PS.L2-3.9.2: Termination & Transfer Protection
RA.L2-3.11.1CMMC RA.L2-3.11.1 Risk Assessments | GRCWatch
RA.L2-3.11.2CMMC RA.L2-3.11.2: Vulnerability Scan Requirements
RA.L2-3.11.3CMMC RA.L2-3.11.3: Vulnerability Remediation Guide
SC.L2-3.13.1SC.L2-3.13.1 Boundary Protection | CMMC Level 2
SC.L2-3.13.10CMMC L2 SC.L2-3.13.10 Key Management Control
SC.L2-3.13.11SC.L2-3.13.11 CUI Encryption | CMMC Level 2
SC.L2-3.13.12SC.L2-3.13.12 Collaborative Computing | CMMC Level 2
SC.L2-3.13.13SC.L2-3.13.13 Mobile Code Control | CMMC Level 2
SC.L2-3.13.14CMMC SC.L2-3.13.14 VoIP Control | Compliance Guide
SC.L2-3.13.15SC.L2-3.13.15: Communications Authenticity | CMMC Level 2
SC.L2-3.13.16SC.L2-3.13.16 Data at Rest | CMMC Level 2
SC.L2-3.13.2SC.L2-3.13.2: Security Engineering | CMMC Level 2
SC.L2-3.13.3SC.L2-3.13.3 Role Separation | CMMC Level 2
SC.L2-3.13.4SC.L2-3.13.4 Shared Resource Control | CMMC Level 2
SC.L2-3.13.5SC.L2-3.13.5: Public-Access System Separation | CMMC
SC.L2-3.13.6SC.L2-3.13.6: Network Communication by Exception | CMMC
SC.L2-3.13.7SC.L2-3.13.7 Split Tunneling | CMMC Level 2
SC.L2-3.13.8SC.L2-3.13.8: Data in Transit Encryption | CMMC Level 2
SC.L2-3.13.9SC.L2-3.13.9: Network Connection Termination | CMMC Level 2
SI.L2-3.14.1SI.L2-3.14.1 Flaw Remediation | CMMC Level 2
SI.L2-3.14.2CMMC SI.L2-3.14.2: Malicious Code Protection
SI.L2-3.14.3CMMC SI.L2-3.14.3: Security Alerts & Advisories
SI.L2-3.14.4CMMC SI.L2-3.14.4: Malicious Code Protection Updates
SI.L2-3.14.5CMMC SI.L2-3.14.5: System & File Scanning
SI.L2-3.14.6SI.L2-3.14.6 Security Monitoring | CMMC Level 2
SI.L2-3.14.7SI.L2-3.14.7: Identify Unauthorized Use | CMMC Level 2