I’m working through CMMC Level 2 compliance and facing challenges with personal devices (BYOD) used by our people. We're trying to find a practical solution that aligns with the CMMC Level 2 requirements without overly restricting device use.

How are you handling personal devices in your organization? What tools or policies have you implemented to ensure compliance while maintaining flexibility for employees? Are there any best practices for encryption, monitoring, or limiting access that have worked well for you?

Thanks in advance for your input!!!