Commonly Misunderstood CMMC Access Control Requirement Assumptions and Strategies to Address Them (D01d)
This talk addresses commonly misunderstood CMMC requirements and strategies for meeting their minimum success criteria. Examples include:
AC.L2-3.1.1: Defining “authorization” and clarifying the scope of “processes acting on behalf of authorized users.”
AC.L2-3.1.2: Determining the sufficiency of defined authorized transactions and functions.
AC.L2-3.1.5–3.1.7: Differentiating privileged and non-privileged functions and related users.
AC.L2-3.1.12–3.1.15: Addressing compliance for cloud-based environments without remote console-level access.
AC.L2-3.1.16–3.1.17: Managing wireless network compliance when not owning or operating the network.
AC.L2-3.1.20: Establishing appropriate scoping for minimum sufficiency.