Controlled Unclassified Information (CUI)
Description: The government creates or possesses Controlled Unclassified Information that a law, regulation, or Government-wide policy requires an agency to handle using safeguarding or dissemination controls.
Key Words: compliance, infrastructure, defense, intelligence, financial, law, legal, resources, nuclear, patent, privacy, acquisition, transportation, CUI, controlled, unclassified, fouo, label, header, banner, marking, dissemination
Key Words: compliance, infrastructure, defense, intelligence, financial, law, legal, resources, nuclear, patent, privacy, acquisition, transportation, CUI, controlled, unclassified, fouo, label, header, banner, marking, dissemination
CMMC Framework v2.0
Description: Explore the fourteen (14) domains that originated from NIST SP 800-171.
Key Words: level, domain, practice, CUI, FCI, federal, NIST, access control, awareness, audit, configuration, authentication, incident, maintenance, media, personnel, physical, risk assessment, communication, system
Key Words: level, domain, practice, CUI, FCI, federal, NIST, access control, awareness, audit, configuration, authentication, incident, maintenance, media, personnel, physical, risk assessment, communication, system
Test Your CMMC Knowledge
Description: Test your knowledge of the CMMC framework, domains, and practices.
Key Words: framework, practice, level, assessment, maturity, level, domain, practice, CUI, FCI, federal, NIST, access control, awareness, audit, configuration, authentication, incident, maintenance, media, personnel, physical, risk assessment, communication, system
Key Words: framework, practice, level, assessment, maturity, level, domain, practice, CUI, FCI, federal, NIST, access control, awareness, audit, configuration, authentication, incident, maintenance, media, personnel, physical, risk assessment, communication, system
Access Control
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the Access Control domain.
Key Words: authorize, information, permit, assessment, account management, domain, NIST 171, cmmc
Key Words: authorize, information, permit, assessment, account management, domain, NIST 171, cmmc
Awareness and Training
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the Awareness and Training domain.
Key Words: role, threat, guideline, policies, policy, plan, personnel, domain, NIST 171, cmmc
Key Words: role, threat, guideline, policies, policy, plan, personnel, domain, NIST 171, cmmc
Audit and Accountability
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the Audit and Accountability domain.
Key Words: user, event, log, monitor, analysis, record, domain, NIST 171, cmmc
Key Words: user, event, log, monitor, analysis, record, domain, NIST 171, cmmc
Security Assessment
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the Security Assessment domain.
Key Words: test, evaluation, control, plan, monitor, operation, policy, domain, NIST 171, cmmc
Key Words: test, evaluation, control, plan, monitor, operation, policy, domain, NIST 171, cmmc
Configuration Management
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the Configuration Management domain.
Key Words: baseline, develop, enforce, change, log analysis, inventory software, hardware, domain, NIST 171, cmmc
Key Words: baseline, develop, enforce, change, log analysis, inventory software, hardware, domain, NIST 171, cmmc
Identification and Authentication
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the Identification and Authentication domain.
Key Words: user, device, process, access, plan, policy, domain, NIST 171, cmmc
Key Words: user, device, process, access, plan, policy, domain, NIST 171, cmmc
Incident Response
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the Incident Response domain.
Key Words: detect, analysis, containment, recovery, document, test, plan, policy, domain, NIST 171, cmmc
Key Words: detect, analysis, containment, recovery, document, test, plan, policy, domain, NIST 171, cmmc
Maintenance
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the Maintenance domain.
Key Words: system, equipment, policy, plan, domain, NIST 171, cmmc
Key Words: system, equipment, policy, plan, domain, NIST 171, cmmc
Media Protection
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the Media Protection domain.
Key Words: disposal, plan, policy, domain, NIST 171, cmmc
Key Words: disposal, plan, policy, domain, NIST 171, cmmc
Physical Protection
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the Physical Protection domain.
Key Words: environment, limit, access, log, plan, policy, domain, NIST 171, cmmc
Key Words: environment, limit, access, log, plan, policy, domain, NIST 171, cmmc
Personnel Security
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the Personnel Security domain.
Key Words: access, CUI, policy, plan, domain, NIST 171, cmmc
Key Words: access, CUI, policy, plan, domain, NIST 171, cmmc
Risk Assessment
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the Risk Assessment domain.
Key Words: operation, asset, CUI, vulnerability, scan, remediation, policy, plan, process, domain, NIST 171, cmmc
Key Words: operation, asset, CUI, vulnerability, scan, remediation, policy, plan, process, domain, NIST 171, cmmc
System and Communication Protection
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the System and Communication Protection domain.
Key Words: monitor, control, transmit, policy, plan, protect, domain, NIST 171, cmmc
Key Words: monitor, control, transmit, policy, plan, protect, domain, NIST 171, cmmc
System and Information Integrity
Description: Review the audit objectives, acceptable evidence, interviews, and tests required for each Level 1 and 2 practice within the System and Information Integrity domain.
Key Words: monitor, control, transmit, policy, plan, protect, domain, NIST 171, cmmc
Key Words: monitor, control, transmit, policy, plan, protect, domain, NIST 171, cmmc
Cybersecurity Maturity Model Certification (CMMC)
Controlled Unclassified Information (CUI)
CMMC Framework v2.0
Test Your CMMC Knowledge
CMMC Domains
