CMMC 1.0 Practice AC.3.020 Requirement:
Control connection of mobile devices.
CMMC 1.0 AC.3.020 Requirement Explanation:
Mobile devices that don't meet your organization's security requirements can pose security risks. By enrolling devices into your MDM solution that want to connect to your network you can force them to meet your security requirements.
Example CMMC 1.0 AC.3.020 Implementation:
Document a set of requirements that mobile devices need to meet before they connect to your network. Mobile devices refer to phones and tablets. Use a mobile device management (MDM) system to enforce your mobile device security requirements. This would apply to both company owned devices and employee owned personal devices. If an employee does not want to register with your mobile device management system then do not grant their device access to your network.
CMMC 1.0 AC.3.020 Scenario(s):
- Scenario 1:
A user wants to connect his smart phone to the network. He is unable to do so unless he enrolls in your mobile device management solution. After enrolling special security settings defined by your company are applied to his smart phone.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.