When educating people on a complex, multi-dimensional topic, the best place to start is with its key, foundational information. That’s exactly what Celerium’s Certified CMMC Professional Course (CCP) does – it conveys the fundamental knowledge needed to train professionals supporting the implementation of CMMC.
Access Control (AC)
Audit & Accountability (AU)
Awareness & Training (AT)
Configuration Management (CM)
Identification & Authentication (IA)
Incident Response (IR)
Maintenance (MA)
Media Protection (MP)
Personnel Security (PS)
Physical Protection (PE)
Risk Assessment (RA)
Security Assessment (CA)
Systems & Communications Protection (SC)
System & Information Integrity (SI)
Sponsored by Celerium
Sponsored by Celerium
These online-only courses provide CMMC training to companies looking to comply with CMMC. The courses are created by an experienced team of cybersecurity implementers with years of experience on NIST standards.
Implementing CMMC will be different for every company. And with the U.S. government doubling down on cybersecurity, it's important to get it right. So where is the best place to start?
Our CMMC Insights courses were created to help companies looking to comply with CMMC understand how to implement the practices. Our team has years of experience implementing NIST 800-53.
One-year access to the learning portal is provided, and we will provide updates on changes to CMMC as clarity is provided on items such as reciprocity. Don't wait -- get started on your CMMC assessment preparation now.
DOMAIN: Media Protection |
Practice:MP.L2-3.8.1
|
CAPABILITY: C023 Protect and control media
|
Protect (i.e., physically control and securely store) system media containing CUI, both paper and digital. |
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Procedures that identify how information system media is protected i.e. physically controlled or securely controlled.
· Organizational policy and processes that address access controls and media access restrictions.
· Inventories, media check-in check-out log.
Click here to see details
Practice:MP.L2-3.8.2
|
CAPABILITY: C023 Protect and control media
|
Limit access to CUI on system media to authorized users. |
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
Procedures that address access control and media protection to ensure that access is limited and restricted to authorized users, and that processes exist for granting temporary or emergency access.
Click here to see details (additional assessment notes available)
Practice:MP.L2-3.8.4
|
CAPABILITY: C022 Identify and mark media
|
Mark media with necessary CUI markings and distribution limitations. |
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· The company information system media protection policy to identify the list of media marking security attributes.
· Evaluate media that contain CUI to determine the media has appropriate markings.
Click here to see details (additional assessment notes available)
Practice:MP.L2-3.8.5
|
CAPABILITY: C025 Protect media during transport
|
Control access to media containing CUI and maintain accountability for media during transport outside of controlled areas. |
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Your company's policy for the control of CUI to ensure that it addresses; approval of individual access to CUI, controls for transporting CUI, and safeguards to protect media during transport such as encryption, locked containers, or locked rooms.
· Your company's policy, physical and environmental protection policy, and procedures for transporting CUI.
Click here to see details (additional assessment notes available)
Practice:MP.L2-3.8.6
|
CAPABILITY: C025 Protect media during transport
|
Implement cryptographic mechanisms to protect the confidentiality of CUI stored on digital media during transport unless otherwise protected by alternative physical safeguards. |
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
Company's policy and related procedures on protecting CUI which should address the use of encryption and transport outside the physical perimeter.
Click here to see details (additional assessment notes available)
Practice:MP.L2-3.8.7
|
CAPABILITY: C023 Protect and control media
|
Control the use of removable media on system components. |
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
System media use policy and procedures or Rules of Behavior to identify restrictions for removable media, and if removable media is authorized for the system.
Click here to see details (additional assessment notes available)
Practice:MP.L2-3.8.8
|
CAPABILITY: C023 Protect and control media
|
Prohibit the use of portable storage devices when such devices have no identifiable owner. |
Threat Actors:
Compromised storage may contain malware or malicious code. Plugging an infected storage device into a system can allow an actor to compromise your network.
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following· Media Protection Policy to identify the conditions and type of portable media authorized for CUI.
· Procedures that require inventories of portable media consistent with this practice.
Click here to see details (additional assessment notes available)
Practice:MP.L2-3.8.9
|
CAPABILITY: C023 Protect and control media
|
Protect the confidentiality of backup CUI at storage locations. |
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following
· Procedures and controls that protect the integrity and availability of backup information at storage locations.
· Evidence that backups are encrypted on media when removed from a secured facility.
· Evidence that encryption is FIPS 140-2 complaint.
This practice ensures confidentiality of backup CUI located at storage locations is protected.
Click here to see detailsCopyright © 2022 Celerium. All Rights Reserved.