CMMC 2.0 • LEVEL 2 • ACCESS CONTROL

AC.L2-3.1.10Device Lock

Prevent access to the system by 15 minutesCMMC/STIG. Retain the device lock until the user reestablishes access using established identification and authentication procedures. Conceal, via the device lock, information previously visible on the display with a publicly viewable image.

NIST 800-171 Mapping

NIST 800-53 Controls

AC-11AC-11(1)

Assessment Objectives

  • access to the system is prevented by 15 minutesCMMC/STIG.
  • information previously visible on the display is concealed via device lock with a publicly viewable image.
  • the device lock is retained until the user reestablishes access using established identification and authentication procedures.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

AC.L1-3.1.1 Account Management AC.L1-3.1.2 Access Enforcement AC.L2-3.1.3 Information Flow Enforcement AC.L2-3.1.4 Separation of Duties