CMMC Level 2 Controls | Certification & Preparation

CMMC consists of three (3) levels ranging from Foundational to Expert. These levels measure an organization’s degree of cyber maturity via an established set of processes, practices and focus areas.

Level 2 (Advanced) is for companies working with CUI. The requirements mirror NIST SP 800-171, and align with the 14 levels and 110 security controls developed to protect CUI.

CMMC Level 2 Requirements

Level 2 is primarily focusing on protecting, storing and transmitting Controlled Unclassified Information (CUI).

CMMC Level 2 Practices

Level 2 requires organizations to engage in a set of 110 practices from NIST 800-171.

Based on Existing Regulations

Based on the 110 controls found in NIST 800-171.

Controlled Unclassified Information (CUI)

Required for any contractor that handles CUI, CTI, or ITAR.

Self-Assessment

Requires third-party audit by a C3PAO.

Getting Help With Level 2 Compliance

Level 2 requirements are more stringent than Level 1 and require you to pass a third-party assessment conducted by a C3PAO. See where Coalfire Federal can help.