Requirement Explorer

Discover the requirements for different CMMC levels and how they’re calculated in your SPRS score.

| Level | ID | Domain | Name of Security Requirement | Security Requirement |
|---|---|---|---|---|
| 1 | AC.L1-b.1.i | AC | Authorized Access Control [FCI Data] | Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). |
| 1 | AC.L1-b.1.ii | AC | Transaction & Function Control [FCI Data] | Limit system access to the types of transactions and functions that authorized users are permitted to execute. |
| 1 | AC.L1-b.1.iii | AC | External Connections [FCI Data] | Verify and control/limit connections to and use of external information systems. |
| 1 | AC.L1-b.1.iv | AC | Control Public Information [FCI Data] | Control information posted or processed on publicly accessible information systems. |
| 1 | IA.L1-b.1.v | IA | Identification [FCI Data] | Identify information system users, processes acting on behalf of users, or devices. |
| 1 | IA.L1-b.1.vi | IA | Authentication [FCI Data] | Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. |
| 1 | MP.L1-b.1.vii | MP | Media Disposal [FCI Data] | Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse. |
| 1 | PE.L1-b.1.ix | PE | Manage Visitors & Physical Access [FCI Data] | Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals. |
| 1 | PE.L1-b.1.viii | PE | Limit Physical Access [FCI Data] | Escort visitors and monitor visitor activity; maintain audit logs of physical access; and control and manage physical access devices. |
| 1 | SC.L1-b.1.x | SC | Boundary Protection [FCI Data] | Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. |
| 1 | SC.L1-b.1.xi | SC | Public-Access System Separation [FCI Data] | Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. |
| 1 | SI.L1-b.1.xii | SI | Flaw Remediation [FCI Data] | Identify, report, and correct information and information system flaws in a timely manner. |
| 1 | SI.L1-b.1.xiii | SI | Malicious Code Protection [FCI Data] | Provide protection from malicious code at appropriate locations within organizational information systems. |
| 1 | SI.L1-b.1.xiv | SI | Update Malicious Code Protection [FCI Data] | Update malicious code protection mechanisms when new releases are available. |
| 1 | SI.L1-b.1.xv | SI | System & File Scanning [FCI Data] | Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. |