CMMC Level 2
Advanced
CMMC consists of three (3) levels ranging from Foundational to Expert. These levels measure an organization’s degree of cyber maturity via an established set of processes, practices and focus areas.
Level 2 (Advanced) is for companies working with CUI. The requirements mirror NIST SP 800-171 and align with the 14 levels and 110 security controls developed to protect CUI.
CMMC Level 2 Requirements
Level 2 primarily focuses on protecting, storing and transmitting Controlled Unclassified Information (CUI).
CMMC Level 2 Practices
Level 2 requires organizations to engage in a set of 110 practices from NIST 800-171.
Based on Existing Regulations
Based on the 110 controls found in NIST 800-171.
Controlled Unclassified Information (CUI)
Required for any contractor that handles CUI, CTI, or ITAR.
Self-Assessment
Requires a third-party audit by a C3PAO.