Imagine your employee with administrative privileges clicks on a phishing email, or a spam ad pops up and is accidentally clicked on – your entire organization’s confidential information, data, and passwords are now compromised.
Fortunately, you caught it quickly in the first ten minutes and think you’re safe.
Well, you’re not.
Once a hacker gets access to your account, ransomware takes 3 seconds to move through the entire organization.
With CMMC AC.2.008, this situation is avoidable by using non-privileged accounts or roles when accessing non-security functions.
Before diving in, build a solid foundation by reading our blog: Understanding the CMMC 2.0 Framework.
CMMC AC.2.008 requires the use of non-privileged accounts or roles when accessing non-security functions. In non-technical terms, accounts with admin privileges are to be used only for high-level administrative functions. To break it down even further, don’t use the admin accounts for everyday use in the office.
Now, let’s get into the details of how to implement CMMC AC.2.008. These next steps will differ depending on whether you’re on a domain or a local setup.
Before you waste your time going to each computer and setting these policies in place, log in to the server with the domain controller and follow these steps on how to set admin privileges on a Windows Server:
Unfortunately, there’s no way to create accounts in bulk for multiple users at a time. When working with local environments, you’ll need to apply the following settings to each individual computer to set or remove admin privileges.
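Whichever setup you have, you can check the result on each computer by listing who is in the local Administrators group and flagging anything that is not a dedicated admin account. The script below is an added example, not part of the original article; it assumes Windows PowerShell 5.1, and the `$ApprovedAdmins` allow-list (including the `adm-*` naming convention) is hypothetical and should be replaced with your own.

```powershell
# Added example: audit the local Administrators group for AC.2.008.
# Run on each computer; exits with code 1 if an unapproved member is found.
[CmdletBinding()]
param(
    # Hypothetical allow-list: the built-in account plus dedicated admin
    # accounts named adm-<user>. On a domain, add entries such as
    # 'Domain Admins' if that group is expected to be a member.
    [string[]]$ApprovedAdmins = @('Administrator', 'adm-*')
)

# S-1-5-32-544 is the well-known SID of the built-in Administrators group.
# Using the SID avoids depending on the group's localized display name.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop

$report = foreach ($m in $members) {
    # Name is 'COMPUTER\account' or 'DOMAIN\account'; keep the account part.
    $account = ($m.Name -split '\\')[-1]

    $approved = $false
    foreach ($pattern in $ApprovedAdmins) {
        if ($account -like $pattern) { $approved = $true; break }
    }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Member          = $m.Name
        ObjectClass     = $m.ObjectClass       # User or Group
        PrincipalSource = $m.PrincipalSource   # Local, ActiveDirectory, ...
        Approved        = $approved
    }
}

$report | Format-Table -AutoSize

# Everyday accounts that still hold admin rights are the finding to fix.
$unapproved = @($report | Where-Object { -not $_.Approved })
if ($unapproved.Count -gt 0) {
    Write-Warning ("{0} member(s) of Administrators are not on the allow-list." -f $unapproved.Count)
    exit 1
}
Write-Output 'All members of Administrators are on the allow-list.'
```

Any member reported with `Approved` set to `False` is either an everyday account that should be removed from the group or an admin account missing from the allow-list.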
If you’re looking to implement all the CMMC policies yourself, it’s not going to be an easy feat. However, we understand outsourced IT isn’t possible for all businesses. To help you out, use these tips and tricks when implementing CMMC AC.2.008.
Frankly, it’s required. If you’re a company that has Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), you need to follow these requirements, which the Department of Defense developed.
Aside from literally being required, CMMC compliance is designed for your business’s safety. Although tedious, these standards are set in place to avoid data leaks and compromised security.
The Department of Defense is still developing CMMC compliance, so there’s a chance you haven’t implemented these policies yet. Reach out to our team at Omnis Technologies to start moving towards a compliant, safe network.