CMMC 1.0 Handbook / CMMC 1.0 Domains

CMMC 1.0 Access Control

Ensure that only authorized persons can access your systems and information.

CMMC 1.0 Asset Management

Identify and document your system assets such as workstations and servers.

CMMC 1.0 Audit and Accountability

Create, protect, and retain system logs, to monitor, analyze, investigate, and report unauthorized activity occurring on your systems.

CMMC 1.0 Awareness and Training

Ensure that users have proper security training before being allowed to access or administer your systems and information.

CMMC 1.0 Configuration Management

Securely configure and maintain your systems in accordance with best practices and prevent unauthorized changes from being made.

CMMC 1.0 Identification and Authentication

Properly verify the identities of users, processes, and devices before allowing them to access your systems and information.

CMMC 1.0 Incident Response

Build an incident response capability to react to cybersecurity incidents.

CMMC 1.0 Maintenance

Schedule and perform authorized maintenance on your systems in accordance with manufacturer requirements.

CMMC 1.0 Media Protection

Protect the confidentiality and integrity of digital media (e.g. hard drives) and non-digital media (e.g. paper).

CMMC 1.0 Personnel Security

Minimize the risk your staff pose to your systems and information.

CMMC 1.0 Physical Protection

Protect your facilities, personnel, and systems from physical threats such as unauthorized facility access.

CMMC 1.0 Recovery

Develop recovery plans and implement backups to bring your systems back up and running after an interruption.

CMMC 1.0 Risk Management

Assess the risks your systems face from various threats and vulnerabilities and develop plans to mitigate risk.

CMMC 1.0 Security Assessment

Assess your current cybersecurity program and develop a system security plan to implement the required cybersecurity controls.

CMMC 1.0 Situational Awareness

Monitor threats that may impact your systems and information.

CMMC 1.0 System and Communications Protections

Implement encrypted communications and control communications to protect your data.

CMMC 1.0 System and Information Integrity

Keep your systems updated with security patches to prevent malware infections, ensure that you have anti-malware software deployed and secure your email systems.