CMMC Domains

SteelToad’s CMMC Assessment (Level 2) will focus on the following fourteen security domains:

• Access Control: Control who can access your network and systems.

• Audit & Accountability: Ensure logs are created and checked frequently.

• Awareness & Training: Provide proper training to your employees.

• Configuration Management: Update baselines and other configurations regularly.

• Identification & Authentication: Know who is requesting access and authenticate appropriately.

• Incidence Response: Know how to recover when an incident occurs.

• Maintenance: Make sure your systems are up to date and patched.

• Media Protection: Protect media from theft and loss.

• Personnel Security: Reduce insider risks to your environment.

• Physical Protection: Use physical protection mechanisms to prevent access to

  physical devices.

• Risk Assessment: Use a process for identifying and managing risk.

• Security Assessment: Have your security posture independently verified.

• Systems and Communications Protection: Oversee security tools and processes

  related to system security.

• Systems and Information Integrity: Identify and prevent malicious content from

  entering the system.