Access Control

CMMC Access Control Domain Explained

In this post we explain the CMMC access control domain and its associated requirements.

Join our newsletter:
The cybersecurity maturity model certification has 17 capability domains. The first domain and the one applying to all CMMC levels is the Access Control domain. The access control domain has four capability requirements and a total of twenty-six practices.

What is Access Control?

Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data. (Source)

Access Control Domain Explained

The goal of the access control domain is to limit access to your systems and data. This includes limiting who can log into your systems. Limiting system access to authorized devices. Limiting permissions so that users, devices, and processes can only access the resources they need to fulfill business requirements.

What are the CMMC Access Control Domain Capabilities?

  • C001: Establish system access requirements
  • C002: Control internal system access
  • C003: Control remote system access
  • C004: Limit data access to authorized users and processes

Access Control Examples

Examples of access control security requirements include account management, separation of duties, least privilege, session lock, information flow enforcement, and session termination controls.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

 NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
 HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
 FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
 ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.