CMMC 2.0 • LEVEL 2 • ACCESS CONTROL

AC.L2-3.1.18Access Control for Mobile Devices

Establish usage restrictions, configuration requirements, and connection requirements for mobile devices. Authorize the connection of mobile devices to the system. Implement full-device or container-based encryption to protect the confidentiality of CUI on mobile devices.

NIST 800-171 Mapping

NIST 800-53 Controls

AC-19

Assessment Objectives

  • usage restrictions are established for mobile devices.
  • configuration requirements are established for mobile devices.
  • connection requirements are established for mobile devices.
  • the connection of mobile devices to the system is authorized.
  • full-device or container-based encryption is implemented to protect the confidentiality of CUI on mobile devices.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

AC.L1-3.1.1 Account Management AC.L1-3.1.2 Access Enforcement AC.L2-3.1.3 Information Flow Enforcement AC.L2-3.1.4 Separation of Duties