AC.L2-3.1.1 — Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).
What this control requires
Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).
Source: CMMC L2 v2.13 AC.L2-3.1.1 / NIST SP 800-171 R2 3.1.1 (official control text).
Why this matters
This control prevents unauthorized individuals from accessing your organization's systems, data, and applications. Every login, every service account, and every connected device represents a potential entry point for data theft, ransomware, or espionage. By restricting access to only authenticated users and approved devices, you create the first line of defense against both external attackers and insider threats. Without enforced access boundaries, your controlled unclassified information (CUI) becomes accessible to anyone who can reach your network or guess a password.
What evidence assessors expect
Assessors typically look for: PDF, CSV export, screenshot. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.