Certified Cybersecurity Maturity Model Certification (CMMC) Professional (CCP) Practice Exam

What is one of the assessment objectives for controlling connections to external information systems?

• A. Verifying that the connections to external systems are identified
• B. Ensuring the presence of user training
• C. Documenting the hardware configuration
• D. Issuing access badges

The correct answer is: Verifying that the connections to external systems are identified

One of the assessment objectives for controlling connections to external information systems is to verify that the connections to external systems are identified. This is crucial because identifying these connections is the first step in understanding the flow of information and the potential vulnerabilities associated with them. Proper identification allows organizations to establish security measures and to monitor and control the nature of the data that is being transmitted between internal and external systems. By ensuring that all connections to external systems are recognized, organizations can implement appropriate security protocols, such as firewalls and intrusion detection systems, to protect against unauthorized access and data breaches. Additionally, it supports compliance with regulations and standards that mandate controlling and monitoring external connections to safeguard sensitive information. In the context of the other options, while user training, documentation of hardware configuration, and access control (like issuing badges) are also important aspects of an organization's overall security posture, they do not directly address the critical first step of identifying external connections. Identifying these connections is foundational to establishing comprehensive security controls around external data exchanges, which is why it is specifically emphasized as an assessment objective.