AC
Access Control
NIST 800-171 §3.1 · CMMC domain
49
Limit system access to authorized users, processes acting on their behalf, and devices, and to the transactions and functions authorized users are permitted to exercise — least privilege, separation of duties, session control, remote-access and information-flow enforcement.
AU
Audit and Accountability
NIST 800-171 §3.3 · CMMC domain
52
Create, protect, and retain system audit logs and records to enable monitoring, analysis, investigation, and reporting of unlawful or unauthorized activity, and ensure the actions of individual users can be uniquely traced so they can be held accountable.
IR
Incident Response
NIST 800-171 §3.6 · CMMC domain
17
Establish an operational incident-handling capability — preparation, detection, analysis, containment, recovery, and user response — and track, document, and report incidents to designated internal and external authorities.
SC
System and Communications Protection
NIST 800-171 §3.13 · CMMC domain
317
Monitor, control, and protect communications at the external boundaries and key internal boundaries of organizational systems, and employ architectural designs, software-development techniques, and cryptographic mechanisms (e.g., FIPS-validated) that safeguard CUI in transit and at those boundaries.