Phone No: Top Contact

CMMC Level 3 Controls

CMMC Level 3 Controls

CMMC Level 3 Controls

Domain AC: Access Control

The AC control family consists of processes and procedures for regulating who or what can access your organization’s systems, assets and protected data.

Domain AM: Asset Management

Identifying and effectively documenting your organization’s devices and services (e.g., hardware, software, licenses) ensures control over your IT assets and facilitates quick identification and resolution of problems.

Domain AU: Audit and Accountability

This family of controls covers your organization’s policies and procedures for defining audit requirements; performing audits of user and system activities; and creating, logging, reviewing, reporting, and protecting audit trails to promote accountability and identify security flaws or violations.

Domain PS: Personnel Security

Personnel security practices ensure that employees, contractors and third-party users have been screened and found suitable prior to being granted access to your organization’s systems, as well as establish procedures to protect your systems when personnel leave their positions, to reduce the risk of theft, insider threat, fraud or misuse.

Domain RE: Recovery

Maintaining plans to restore capabilities or services impaired by a cybersecurity event, including securely backing up and protecting data, allows organizations to minimize damage and quickly resume normal operations.

Domain SA: Situational Awareness

Proactively monitoring threats and collecting reliable, actionable intelligence from outside sources regarding the threat landscape will optimize an organization’s ability to detect and neutralize current threats.

Domain SC: Systems and Communications Protection

The SC control family includes techniques for securing your organization’s network boundaries and communications (e.g., boundary protection, cryptographic protection, denial-of-service protection).