CMMC Domain AC Access Control

Identify and control who and what has access to your systems.

AC.1.001
Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
AC.3.022
Encrypt CUI on mobile devices and mobile computing platforms.
AC.4.023
Control information flows between security domains on connected systems.
AC.2.008
Use non-privileged accounts or roles when accessing nonsecurity functions.
AC.4.032
Restrict remote network access based on organizationally defined risk factors such as time of day, location of access, physical location, network connection state, and measured properties of the current user and role.
AC.2.013
Monitor and control remote access sessions.
AC.2.015
Route remote access via managed access control points.
AC.2.016
Control the flow of CUI in accordance with approved authorizations.
AC.3.019
Terminate (automatically) user sessions after a defined condition.
AC.2.010
Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.
AC.3.018
Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs.
AC.3.020
Control connection of mobile devices.
AC.1.002
Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
AC.2.011
Authorize wireless access prior to allowing such connections.
AC.3.017
Separate the duties of individuals to reduce the risk of malevolent activity without collusion.
AC.3.014
Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.
AC.3.021
Authorize remote execution of privileged commands and remote access to security-relevant information.
AC.5.024
Identify and mitigate risk associated with unidentified wireless access points connected to the network.
AC.2.005
Provide privacy and security notices consistent with applicable CUI rules.
AC.2.006
Limit use of portable storage devices on external systems.
AC.4.025
Periodically review and update CUI program access permissions.
AC.2.007
Employ the principle of least privilege, including for specific security functions and privileged accounts.
AC.2.009
Limit unsuccessful logon attempts.
AC.3.012
Protect wireless access using authentication and encryption.
AC.1.004
Control information posted or processed on publicly accessible information systems.
AC.1.003
Verify and control/limit connections to and use of external information systems.