CMMC Practice PE.L2-3.10.6

Enforce safeguarding measures for CUI at alternate work sites.

Bold Coast Security Guidance

In addition to deploying technical controls consistent with other practices in the CMMC for malware protection, patching, and VPN access, this practice will require you to educate your staff to protect devices and data whether they are at their home office, a hotel, or their local coffee shop. They should be reminded to: Not leave their workstations unattended in a public location. Not to allow family members to use their work computers. Not to dispose of CUI or other "protected" data in their home trash. They should shred it. If a shredder is not available, documents should be brought back to the office for proper disposal. Secure mobile devices when not in use at home, either in a locked office, locked drawer, or securing the home. Do not leave devices unattended in your vehicle, but if necessary, cover them or lock them in the trunk. What is Zero Trust? As organizations embrace the cloud, the idea of an organization perimeter begins to fade. You can no longer rely on network controls and centralized security models, everything is decentralized, and the ability to "trust" devices and users based upon location is diminished. Your organization will need to rethink how it secures remote devices, authorizes users, and maintains control of data no longer on its network. NIST has release Special Publication 800-207 (draft) with recommendations for securing and authorizing people and devices in a zero trust model.
Security Catapult

Be prepared for CMMC

Our Q&A assessment tool is designed by security advisors for MSPs and DoD contractors of all sizes.

Try now for free

Understand your gaps
Security Catapult

Understand your gaps

See compliance gaps, compliance scores and proactive security tasks in a single interface.

Try now for free

Validate NIST SP 800-171
Security Catapult

Validate NIST SP 800-171

Based on your CMMC answers, we let you know where you stand on NIST.

Try now for free

Build a plan of action
Security Catapult

Build a plan of action

Track your burn down and stay on top of security needs.

Try now for free

Build your policy
Security Catapult

Build your policy

Say goodbye to maintaining a security policy. We do it for you.

Try now for free

Discussion From Source

DRAFT NIST SP 800-171 R2 Alternate work sites may include government facilities or the private residences of employees. Organizations may define different security requirements for specific alternate work sites or types of sites depending on the work related activities conducted at those sites.

References