CMMC 1.0 Practice AC.1.001 Requirement:

Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).

CMMC 1.0 AC.1.001 Requirement Explanation:

By controlling which people and systems access your network you can prevent unauthorized access to “Federal Contract Information” (FCI) and “Controlled Unclassified Information” (CUI).

Example CMMC 1.0 AC.1.001 Implementation:

Create an account creation process. Only provide user accounts to authorized persons. Require users to log in to your systems using a password. Only allow authorized devices onto your network. This includes restricting the workstations, servers, and even printers allowed on your network.

CMMC 1.0 AC.1.001 Scenario(s):

- Scenario 1:

Alice is responsible for creating user accounts. She follows her IT team's account creation process. The process only allows authorized persons to be given a user account. Every account Alice creates is password protected so that only the intended person can use it.

- Scenario 2:

Alice is a system administrator. She receives word from human resources (HR) that an employee will be terminated today at 3:00 PM. At 3:00 PM Alice disables his user account. The former employee no longer has access to company systems.

- Scenario 3:

Bob decides to bring his personal laptop to work and connect it to the corporate network. Alice, a system administrator, notices that an unauthorized device has connected to the network. She blocks the MAC address on her DHCP server to prevent it from connecting to the network. Bob submits a help desk ticket stating that he can't access the network. Alice responds to the ticket and discovers that she as blocked Bob's personal device. Alice tells Bob to use his work computer as personal devices are not allowed on the corporate network.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.