CMMC Level 1 Controls
Domain AC: Access Control
The AC control family consists of processes and procedures for regulating who or what can access your organization’s systems, assets and protected data.
Domain IA: Identification and Authentication
These security techniques verify that an individual attempting to access your organization’s system through a user account is in fact the authorized user.
Domain MP: Media Protection
These controls secure information stored on digital and non-digital media or devices (e.g., USB drives, hard drives, paper hard copies) through procedures for media use, access, marking, storage, transport, sanitization and downgrading.
Domain PE: Physical Protection
Protecting information systems and data requires the physical security of the facilities that house them from all manner of threats (e.g., theft, natural disaster, accidents).
Domain SC: Systems and Communications Protection
The SC control family includes techniques for securing your organization’s network boundaries and communications (e.g., boundary protection, cryptographic protection, denial-of-service protection).
Domain SI: System and Information Integrity
SI controls protect system and information integrity by identifying and remediating flaws and malicious content through routine actions, such as network and system monitoring, security alerts, and patch application.
No practices required for the following domains at CMMC Level 1
- Domain AM Asset Management
- Domain AT Awareness and Training
- Domain AU Audit and Accountability
- Domain CA Security Assessment
- Domain CM Configuration Management
- Domain IR Incident Response
- Domain MA Maintenance
- Domain PS Personnel Security
- Domain RE Recovery
- Domain RM Risk Management
- Domain SA Situational Awareness