Phone No: Top Contact

CMMC Level 5 Controls

CMMC Level 5 Controls

CMMC Level 5 Controls

Domain AC: Access Control

The AC control family consists of processes and procedures for regulating who or what can access your organization’s systems, assets and protected data.

Domain AM: Asset Management

Identifying and effectively documenting your organization’s devices and services (e.g., hardware, software, licenses) ensures control over your IT assets and facilitates quick identification and resolution of problems.

Domain AU: Audit and Accountability

This family of controls covers your organization’s policies and procedures for defining audit requirements; performing audits of user and system activities; and creating, logging, reviewing, reporting, and protecting audit trails to promote accountability and identify security flaws or violations.

Domain CM: Configuration Management

Configuration management activities establish and maintain the integrity of IT assets and systems through delineated processes for setting their baseline configurations, documenting approved changes, and monitoring for unapproved changes.

Domain IR: Incident Response

A regularly updated incident response plan prepares your organization with set instructions for the prompt and effective detection of, response to and recovery from a cybersecurity incident.

Domain PS: Personnel Security

Personnel security practices ensure that employees, contractors and third-party users have been screened and found suitable prior to being granted access to your organization’s systems, as well as establish procedures to protect your systems when personnel leave their positions, to reduce the risk of theft, insider threat, fraud or misuse.

Domain RE: Recovery

Maintaining plans to restore capabilities or services impaired by a cybersecurity event, including securely backing up and protecting data, allows organizations to minimize damage and quickly resume normal operations.

Domain RM: Risk Management

RM controls involve identifying, assessing, mitigating and monitoring risks to your organization’s IT systems and data, actively working to reduce risk to an acceptable level.

Domain SC: Systems and Communications Protection

The SC control family includes techniques for securing your organization’s network boundaries and communications (e.g., boundary protection, cryptographic protection, denial-of-service protection).

Domain SI: System and Information Integrity

SI controls protect system and information integrity by identifying and remediating flaws and malicious content through routine actions, such as network and system monitoring, security alerts, and patch application.