CMMC 1.0 Practice AC.2.005 Requirement:

Provide privacy and security notices consistent with applicable “Controlled Unclassified Information” (CUI) rules.

CMMC 1.0 AC.2.005 Requirement Explanation:

Your system users need to consent to your policies before using your system. System use notifications allow you to do this. You don't have to display all your policies but a high level overview is in order. This provides legal protection to your organization and informs users that they can be held accountable for the actions they take.

Example CMMC 1.0 AC.2.005 Implementation:

Create a privacy/security notice to display on your systems before users login. You can make the security notices appear on Windows workstations and servers using group policy. You can manually configure it on other systems such as Linux servers and network devices. Your notice should inform users of the following: You may monitor, record, and subject to audit any use of the system, unauthorized use of the system is prohibited, unauthorized use may be subject to criminal and civil penalties, by using the system users consent to monitoring and recording.

CMMC 1.0 AC.2.005 Scenario(s):

- Scenario 1:

Before an employee logs into their workstation they must click accept on your company's system use notification.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.