CMMC 2.0 • LEVEL 2 • PHYSICAL PROTECTION

PE.L2-3.10.6Alternate Work Site

Determine alternate work sites allowed for use by employees. Employ the following security requirements at alternate work sites: VPN with MFA for all CUI access; encrypted storage for CUI at rest; approved/government-furnished device only; physical privacy measures; no CUI printing at home; and incident reporting capabilityCMMC/STIG.

NIST 800-171 Mapping

NIST 800-53 Controls

PE-17

Assessment Objectives

  • alternate work sites allowed for use by employees are determined.
  • the following security requirements are employed at alternate work sites: VPN with MFA for all CUI access; encrypted storage for CUI at rest; approved/government-furnished device only; physical privacy measures; no CUI printing at home; and incident reporting capabilityCMMC/STIG.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

PE.L1-3.10.1 Physical Access Authorizations PE.L2-3.10.2 Monitoring Physical Access PE.L1-3.10.3 Escort Visitors and Monitor Visitor Activity PE.L1-3.10.4 Maintain Audit Logs of Physical Access