CMMC 1.0 Practice AC.3.020 Requirement:

Control connection of mobile devices.

CMMC 1.0 AC.3.020 Requirement Explanation:

Mobile devices that don't meet your organization's security requirements can pose security risks. By enrolling devices into your MDM solution that want to connect to your network you can force them to meet your security requirements.

Example CMMC 1.0 AC.3.020 Implementation:

Document a set of requirements that mobile devices need to meet before they connect to your network. Mobile devices refer to phones and tablets. Use a mobile device management (MDM) system to enforce your mobile device security requirements. This would apply to both company owned devices and employee owned personal devices. If an employee does not want to register with your mobile device management system then do not grant their device access to your network.

CMMC 1.0 AC.3.020 Scenario(s):

- Scenario 1:

A user wants to connect his smart phone to the network. He is unable to do so unless he enrolls in your mobile device management solution. After enrolling special security settings defined by your company are applied to his smart phone.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.