COOEY // HUBcompliance · community · intelligence

Browse by CMMC domain

The 14 CMMC domains — the NIST SP 800-171 security-requirement families (§3.1–3.14). FedRAMP products are organized by which domain(s) they help you satisfy, grounded in official NIST 800-171 / 800-53 and CMMC (32 CFR 170) requirements. Pick a domain to see the products that address it.

AC
Access Control
NIST 800-171 §3.1 · CMMC domain
49
Limit system access to authorized users, processes acting on their behalf, and devices, and to the transactions and functions authorized users are permitted to exercise — least privilege, separation of duties, session control, remote-access and information-flow enforcement.
AT
Awareness and Training
NIST 800-171 §3.2 · CMMC domain
29
Ensure managers, system administrators, and users are made aware of the security risks of their activities and of applicable policies and standards, and are adequately trained — including insider-threat awareness — to carry out their assigned security duties.
AU
Audit and Accountability
NIST 800-171 §3.3 · CMMC domain
52
Create, protect, and retain system audit logs and records to enable monitoring, analysis, investigation, and reporting of unlawful or unauthorized activity, and ensure the actions of individual users can be uniquely traced so they can be held accountable.
CM
Configuration Management
NIST 800-171 §3.4 · CMMC domain
95
Establish and maintain baseline configurations and hardware/software inventories across the system lifecycle; enforce secure configuration settings, least functionality, and change control over modifications to organizational systems.
IA
Identification and Authentication
NIST 800-171 §3.5 · CMMC domain
298
Identify system users, processes acting on their behalf, and devices, and authenticate (verify) those identities as a prerequisite to allowing access — including multifactor authentication and management of identifiers, authenticators, and passwords.
IR
Incident Response
NIST 800-171 §3.6 · CMMC domain
17
Establish an operational incident-handling capability — preparation, detection, analysis, containment, recovery, and user response — and track, document, and report incidents to designated internal and external authorities.
MA
Maintenance
NIST 800-171 §3.7 · CMMC domain
Perform maintenance on organizational systems and provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct it — including sanitizing equipment removed for off-site maintenance and supervising maintenance access.
MP
Media Protection
NIST 800-171 §3.8 · CMMC domain
148
Protect system media containing CUI — both paper and digital — limit access to authorized users, mark media as needed, sanitize or destroy media before disposal or reuse, and control the use and transport of removable and portable media.
PS
Personnel Security
NIST 800-171 §3.9 · CMMC domain
11
Screen individuals prior to authorizing their access to systems containing CUI, and ensure those systems remain protected during and after personnel actions such as transfers and terminations.
PE
Physical Protection
NIST 800-171 §3.10 · CMMC domain
3
Limit physical access to organizational systems, equipment, and their operating environments to authorized individuals; escort visitors, maintain physical-access audit logs, and manage and protect physical facilities and support infrastructure. (NIST 800-53 family: Physical and Environmental Protection.)
RA
Risk Assessment
NIST 800-171 §3.11 · CMMC domain
37
Periodically assess the risk to organizational operations, assets, and individuals from the operation of systems and the processing, storage, and transmission of CUI — including scanning for vulnerabilities and remediating them in accordance with risk.
CA
Security Assessment
NIST 800-171 §3.12 · CMMC domain
21
Periodically assess the security controls in organizational systems to determine effectiveness, develop and implement plans of action to correct deficiencies, and monitor controls on an ongoing basis. (NIST 800-53 family: Assessment, Authorization, and Monitoring.)
SC
System and Communications Protection
NIST 800-171 §3.13 · CMMC domain
317
Monitor, control, and protect communications at the external boundaries and key internal boundaries of organizational systems, and employ architectural designs, software-development techniques, and cryptographic mechanisms (e.g., FIPS-validated) that safeguard CUI in transit and at those boundaries.
SI
System and Information Integrity
NIST 800-171 §3.14 · CMMC domain
145
Identify, report, and correct system flaws in a timely manner; provide protection from malicious code; monitor system security alerts and advisories and take action in response; and monitor the system to detect attacks and indicators of potential compromise.