3.1

Access Control

22 controls · 7 weighted 5 points · NIST SP 800-171 Rev 2

3.1.1Limit system access to authorized users and devices5 points
3.1.2Limit access to the transactions and functions users may execute5 points
3.1.3Control the flow of CUI per approved authorizations1 point
3.1.4Separate duties of individuals to reduce risk of malevolent activity1 point
3.1.5Employ least privilege, including for privileged accounts3 points
3.1.6Use non-privileged accounts for non-security functions1 point
3.1.7Prevent non-privileged users from executing privileged functions; log them1 point
3.1.8Limit unsuccessful logon attempts1 point
3.1.9Provide privacy and security notices per CUI rules1 point
3.1.10Use session lock with pattern-hiding displays1 point
3.1.11Terminate user sessions after a defined condition1 point
3.1.12Monitor and control remote access sessions5 points
3.1.13Use cryptographic mechanisms to protect remote access sessions5 points
3.1.14Route remote access via managed access control points1 point
3.1.15Authorize remote execution of privileged commands and remote access to security info1 point
3.1.16Authorize wireless access prior to allowing connections5 points
3.1.17Protect wireless access using authentication and encryption5 points
3.1.18Control connection of mobile devices5 points
3.1.19Encrypt CUI on mobile devices and mobile computing platforms3 points
3.1.20Verify and control connections to external systems1 point
3.1.21Limit use of portable storage devices on external systems1 point
3.1.22Control CUI posted or processed on publicly accessible systems1 point

Estimate your SPRS score in 2 minutes

15 quick questions across the highest-impact controls — instant estimate, no signup.

Estimate my SPRS score →

Source: NIST SP 800-171 Rev 2 (public domain) · SPRS weighting per the DoD Assessment Methodology

Support is offline

Enable live chat support. We use Crisp which stores a cookie and may process your email. See our Privacy Policy.

Support is offline

Enable live chat support. We use Crisp which stores a cookie and may process your email. See our Privacy Policy.