Setting Your Business Up for CMMC Compliance – CMMC AC.2.010
CMMC 2.0 has several levels of standards to follow, and CMMC AC.2.010 is just a fraction of them. Explore what this policy is, how it works, and why it matters.
Imagine it’s Friday afternoon and you’re headed for the door, ready for your weekend plans and in a rush, so you forget to lock your computer. While it may not cause issues most of the time, in the event of a physical break-in or cyber attack, your computer is already logged in – making confidential data much more accessible to criminals.
CMMC AC.2.010 is designed to protect your business and data in this situation. Let’s first begin with what CMMC 2.0 is.
What is CMMC 2.0?
According to the Department of Defense, the Cybersecurity Maturity Model Certification (CMMC) 2.0 program is designed to streamline requirements into cybersecurity standard tiers. These tiers begin with the most well-known and accepted requirements and build up to much more in-depth standards.
CMMC protects Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Any business in the Department of Defense supply chain is required to comply with CMMC policies.
What is CMMC AC.2.010?
To break it down further, one specific requirement that must be followed is CMMC AC.2.010 – use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.
Now, what does that mean?
In simpler terms, CMMC AC.2.010 protects data by locking computers after 5 to 10 minutes of inactivity and requires authentication before accessing data again.
The Importance of CMMC AC.2.010
As mentioned earlier, if you forget to lock your computer before the weekend and a physical break-in or cyber attack occurs, you may make the criminal's job much easier. However, it can happen much faster than that.
Cybersecurity attacks can occur in 3 seconds. Even if you step away from your desk for a quick minute and a coworker stops to chat, your computer could be compromised. If your account is unlocked, any confidential data on your computer can be accessed and stolen. CMMC AC.2.010 tries to lower the likelihood of these instances by locking your computer after a preset period of time.
How to Implement CMMC AC.2.010
Whether you’re a large business or small organization, CMMC AC.2.010 applies to you – but the implementation process varies. Your IT team can follow these steps, or an outsourced IT provider can assist you with this setup.
If your business is configured with a domain, follow these steps.
- Click Start and type ‘Group Policy’
- Open the Group Policy Management console
- Right-click on the group policy you would like to edit
- Click ‘Computer Configuration’
- Click ‘Policies’
- Click ‘Windows Settings’
- Click ‘Security Settings’
- Click ‘Local Policies’
- Click ‘Security Options’
- Double-click ‘Interactive logon: Machine inactivity limit’
- Check the box for ‘Define this policy setting’
- Set it for the desired seconds (300 seconds = 5 minutes)
- Click Apply and exit
If your business is on a local setup, follow these steps.
Individual Computers (Non Domain):
- Right-click on the start menu
- Click ‘System’
- In the ‘Find a setting’ search box, type ‘Power’
- Click ‘Power, sleep and battery settings’
- Under the power section, adjust the sleep and screen turn-off settings
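To confirm the setting actually reached a machine, this added PowerShell check (not part of the original article) reads the registry value that the ‘Interactive logon: Machine inactivity limit’ policy writes and grades it. The function name `Test-InactivityLock` and the 600-second ceiling, taken from the 10-minute upper bound mentioned above, are assumptions of this example.

```powershell
# Added example: reads the value written by the
# 'Interactive logon: Machine inactivity limit' policy and grades it.
function Test-InactivityLock {
    param(
        # Assumption: 600 s is the 10-minute upper bound mentioned in the article.
        [int]$MaxSeconds = 600
    )

    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $name = 'InactivityTimeoutSecs'

    # The value does not exist until the policy has been defined.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $secs = if ($null -ne $item) { [int]$item.$name } else { $null }

    $status = if ($null -eq $secs) {
        'NotConfigured'      # policy never applied to this machine
    } elseif ($secs -eq 0) {
        'Disabled'           # 0 turns the inactivity limit off
    } elseif ($secs -gt $MaxSeconds) {
        'TooLong'            # locks, but later than the chosen ceiling
    } else {
        'OK'
    }

    # One object per machine, so results can be collected and exported.
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        TimeoutSeconds = $secs
        Status         = $status
        Compliant      = ($status -eq 'OK')
    }
}

Test-InactivityLock
```

After changing the policy, run `gpupdate /force` on the client before re-checking.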
Outsourcing vs. In-House IT: CMMC Cybersecurity
Let’s face it. Finding out who has admin privileges, taking the time to learn CMMC standards, and then learning how to actually implement and meet the requirements is time-consuming and difficult.
Fortunately, outsourced IT services make complying with CMMC a much easier task, and typically at a lower cost than full-time employees. Instead of wasting time learning and testing out processes, find an outsourced IT provider that specializes in CMMC compliance (like Omnis Tech), and begin right away on implementation.
Implementing CMMC into Your Business
While CMMC AC.2.010 may seem small, it’s all to protect your business, data, and employees – the most valuable assets. Why take the chance on a data breach if you don’t have to?
At Omnis Technologies, we work with small to mid-sized businesses to implement CMMC 2.0 policies. If you need assistance with CMMC, reach out to one of our techs today.