CMMC 1.0 Practice - SC.1.175

Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.

CMMC 1.0 Practice - SC.1.176

Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.

CMMC 1.0 Practice - SC.3.177

Employ FIPS-validated cryptography when used to protect the confidentiality of “Controlled Unclassified Information” (CUI).

CMMC 1.0 Practice - SC.2.178

Prohibit remote activation of collaborative computing devices and provide indication of devices in use to users present at the device.

CMMC 1.0 Practice - SC.2.179

Use encrypted sessions for the management of network devices.

CMMC 1.0 Practice - SC.3.180

Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.

CMMC 1.0 Practice - SC.3.181

Separate user functionality from system management functionality.

CMMC 1.0 Practice - SC.3.182

Prevent unauthorized and unintended information transfer via shared system resources.

CMMC 1.0 Practice - SC.3.183

Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).

CMMC 1.0 Practice - SC.3.184

Prevent remote devices from simultaneously establishing non-remote connections with organizational systems and communicating via some other connection to resources in external networks (i.e., split tunneling).

CMMC 1.0 Practice - SC.3.185

Implement cryptographic mechanisms to prevent unauthorized disclosure of “Controlled Unclassified Information” (CUI) during transmission unless otherwise protected by alternative physical safeguards.

CMMC 1.0 Practice - SC.3.186

Terminate network connections associated with communications sessions at the end of the sessions or after a defined period of inactivity.

CMMC 1.0 Practice - SC.3.187

Establish and manage cryptographic keys for cryptography employed in organizational systems.

CMMC 1.0 Practice - SC.3.188

Control and monitor the use of mobile code.

CMMC 1.0 Practice - SC.3.189

Control and monitor the use of Voice over Internet Protocol (VoIP) technologies.

CMMC 1.0 Practice - SC.3.190

Protect the authenticity of communications sessions.

CMMC 1.0 Practice - SC.3.191

Protect the confidentiality of “Controlled Unclassified Information” (CUI) at rest.

CMMC 1.0 Practice - SC.3.192

Implement Domain Name System (DNS) filtering services.

CMMC 1.0 Practice - SC.3.193

Implement a policy restricting the publication of “Controlled Unclassified Information” (CUI) on externally-owned publicly accessible websites (e.g., Forums, LinkedIn, Facebook, Twitter, etc.).