CMMC 2.0 has several levels of standards to follow, CMMC AC.2.010 is just a fraction. Explore what this policy is, how it works, and why it matters.
Imagine it’s Friday afternoon and you’re headed for the door, ready for your weekend plans and in a rush, so you forget to lock your computer. While it may not cause issues most of the time, in the event of a physical break-in or cyber attack, your computer is already logged in – making confidential data much more accessible to criminals.
CMMC AC.2.010 is designed to protect your business and data in this situation. Let’s first begin with what CMMC 2.0 is.
According to the Department of Defense, the Cybersecurity Maturity Model Certification (CMMC) 2.0 program is designed to streamline requirements into cybersecurity standard tiers. These tiers begin with the most well-known and accepted requirements and build up to much more in-depth standards.
CMMC protects Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Any business in the Department of Defense supply chain is required to comply with CMMC policies.
To break it down further, one specific compliance that must be followed is CMMC AC.2.010 – use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity.
Now, what does that mean?
In simpler terms, CMMC AC.2.010 protects data by locking computers after 5 to 10 minutes of inactivity and requires authentication before accessing data again.
As mentioned earlier, if you forget to lock your computer before the weekend and a physical break-in or cyber attack occurs, you may make the criminal's job much easier. However, it can happen much faster than that.
Cybersecurity attacks can occur in 3 seconds. Even if you step away from your desk for a quick minute and a coworker stops to chat, your computer could be compromised. If your account is unlocked, any confidential data on your computer can be accessed and stolen. CMMC AC.2.010 tries to lower the likelihood of these instances by locking your computer after a preset period of time.
Whether you’re a large business or small organization, CMMC AC.2.010 applies to you – but the implementation process varies. Your IT team can follow these steps, or an outsourced IT provider can assist you with this setup.
If your business is configured with a domain, follow these steps.
Domain Setup:
If your business is on a local setup, follow these steps.
Individual Computers (Non Domain):
Let’s face it. Finding out who has admin privileges, taking the time to learn CMMC standards, and then learning how to actually implement and meet the compliances is time-consuming and difficult.
Fortunately, outsourced IT services make complying with CMMC a much easier task, and typically at a lower cost than full-time employees. Instead of wasting time learning and testing out processes, find an outsourced IT provider that specializes in CMMC compliance (like Omnis Tech), and begin right away on implementation.
While CMMC AC.2.010 may seem small, it’s all to protect your business, data, and employees – the most valuable assets. Why take the chance on a data breach if you don’t have to?
At Omnis Technologies, we work with small to mid-sized businesses to implement CMMC 2.0 policies. If you need assistance with CMMC, reach out to one of our techs today.
Complying with CMMC 2.0 policies is about to be enforced, and you don’t want to be left behind. Explore our in-depth article on CMMC 2.0, and more...
One of the first steps to being CMMC compliant is completing the principle of least privilege, A.K.A CMMC AC.2.007.
CMMC compliance requires non-privileged accounts or roles to be used when accessing non-security functions, A.K.A CMMC AC.2.008.