DOMAIN: System and Communication Protections
Practice: SC.L1-3.13.1
CAPABILITY: C039 Control communications at system boundaries
Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
Threat Actors:
i) Can access systems that are not protected by "boundary components" (gateways, routers, firewalls, network-based malicious code analysis and virtualization systems, encrypted tunnels)
ii) May exploit holes in boundary components if not properly configured
Assessment NOTES: A CMMC assessor may want to review, observe, or test the following:
· If network communication boundaries have been identified
· List of hardware/software used for network monitoring of key internal and external boundaries
· Procedures that address boundary protection systems, such as routers, gateways, firewalls, configurations, and/or VPNs used to monitor or restrict authorized/unauthorized communications.
Copyright © 2022 Celerium. All Rights Reserved.