CMMC 1.0 Practice AC.1.001 Requirement:
Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
CMMC 1.0 AC.1.001 Requirement Explanation:
By controlling which people and systems access your network, you can prevent unauthorized access to “Federal Contract Information” (FCI) and “Controlled Unclassified Information” (CUI).
Example CMMC 1.0 AC.1.001 Implementation:
Create an account creation process. Only provide user accounts to authorized persons. Require users to log in to your systems using a password. Only allow authorized devices onto your network. This includes restricting the workstations, servers, and even printers allowed on your network.
CMMC 1.0 AC.1.001 Scenario(s):
- Scenario 1:
Alice is responsible for creating user accounts. She follows her IT team's account creation process. The process only allows authorized persons to be given a user account. Every account Alice creates is password protected so that only the intended person can use it.
- Scenario 2:
Alice is a system administrator. She receives word from human resources (HR) that an employee will be terminated today at 3:00 PM. At 3:00 PM Alice disables his user account. The former employee no longer has access to company systems.
- Scenario 3:
Bob decides to bring his personal laptop to work and connect it to the corporate network. Alice, a system administrator, notices that an unauthorized device has connected to the network. She blocks the MAC address on her DHCP server to prevent it from connecting to the network. Bob submits a help desk ticket stating that he can't access the network. Alice responds to the ticket and discovers that she has blocked Bob's personal device. Alice tells Bob to use his work computer, as personal devices are not allowed on the corporate network.
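The check Alice performs in Scenario 3 can be automated by comparing active DHCP leases against an inventory of authorized devices. The following is an added example, not part of the original page; the ISC dhcpd-style lease format, the inventory contents, and the function names are assumptions.

```python
import re

# Constructed inventory of authorized devices (assumption: MAC -> asset name).
AUTHORIZED = {
    "00:1A:2B:3C:4D:5E": "WS-ALICE",
    "00-1a-2b-3c-4d-5f": "PRN-FLOOR2",  # inventories often mix separators and case
}
# Constructed sample in ISC dhcpd.leases style (assumption: the page names no DHCP product).
SAMPLE_LEASES = """
lease 10.0.0.21 {
  binding state active;
  hardware ethernet 00:1a:2b:3c:4d:5e;
}
lease 10.0.0.37 {
  binding state active;
  hardware ethernet a4:5e:60:aa:bb:cc;
  client-hostname "bobs-laptop";
}
lease 10.0.0.40 {
  binding state free;
  hardware ethernet 00:1a:2b:3c:4d:5f;
}
"""
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)

def normalize_mac(mac):
    """Reduce a MAC to 12 lowercase hex digits so formatting differences do not hide a match."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def unauthorized_leases(lease_text, authorized):
    """Return (ip, mac, hostname) for active leases whose MAC is not in the inventory."""
    allowed = {normalize_mac(m) for m in authorized}
    findings = []
    for ip, body in LEASE_RE.findall(lease_text):
        mac = re.search(r"hardware ethernet\s+([0-9A-Fa-f:]+);", body)
        state = re.search(r"^\s*binding state\s+(\w+);", body, re.M)
        if not mac or (state and state.group(1) != "active"):
            continue  # skip free/expired leases and entries with no hardware address
        if normalize_mac(mac.group(1)) not in allowed:
            host = re.search(r'client-hostname\s+"([^"]*)";', body)
            findings.append((ip, mac.group(1).lower(), host.group(1) if host else None))
    return findings

if __name__ == "__main__":
    for finding in unauthorized_leases(SAMPLE_LEASES, AUTHORIZED):
        print("unauthorized device (ip, mac, hostname):", finding)
```

Each finding gives the administrator the address to block and a hostname to match against the help desk ticket that follows.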