CMMCDocs.comHome / Glossary / Control Families
Control Families
Also known as: NIST 800-171 control families · 14 control families
The 14 categories that organize the 110 security requirements in NIST SP 800-171 Rev 2: AC, AT, AU, CM, IA, IR, MA, MP, PE, PS, RA, CA, SC, SI. CMMC also incorporates SR.
NIST SP 800-171 Rev 2 organizes its 110 security requirements into 14 control families, each identified by a two-letter abbreviation:
• AC — Access Control • AT — Awareness and Training • AU — Audit and Accountability • CM — Configuration Management • IA — Identification and Authentication • IR — Incident Response • MA — Maintenance • MP — Media Protection • PE — Physical Protection • PS — Personnel Security • RA — Risk Assessment • CA — Security Assessment • SC — System and Communications Protection • SI — System and Information Integrity
CMMC additionally incorporates SR (Supply Chain Risk Management) where applicable. Each requirement within a family is identified by its family code, the level designator, and a numeric reference (for example, AC.L2-3.1.13 refers to the multifactor authentication requirement in the Access Control family at Level 2).
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account