CMMC

Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) is a DoD framework that verifies contractors have implemented cybersecurity practices to protect Controlled Unclassified Information (CUI). CMMC 2.0 has three levels aligned with NIST standards.

Key Topics

CMMC 2.0 levels (1, 2, 3)

Level 1 - 17 practices (FCI protection)

Level 2 - 110 NIST 800-171 controls (CUI protection)

Level 3 - NIST 800-172 enhanced security

Self-assessment vs. third-party assessment (C3PAO)

SPRS scoring and submission

POA&M management and timelines

CMMC assessment process and timeline

Sample Questions

Click any question to start a conversation with the AI expert.

What are the three CMMC 2.0 levels and their requirements?

When do I need a third-party CMMC assessment vs. self-assessment?

How do I calculate my SPRS score?

What is the timeline for CMMC implementation?

What are the costs of CMMC Level 2 certification?

How do POA&Ms work under CMMC 2.0?

Key References

DFARS 252.204-7021

CMMC Requirements

NIST SP 800-171 Rev 2

CUI Security Requirements

NIST SP 800-172

Enhanced Security Requirements

32 CFR Part 170

CMMC Program Rule

DFARS 252.204-7019

NIST 800-171 DoD Assessment

DFARS 252.204-7020

NIST 800-171 DoD Assessment Requirements

DFARS- Defense Federal Acquisition Regulation Supplement

Ethics- Ethics & Compliance Programs

International- International Contracting & Export Controls

Have Questions About CMMC?

Get instant, expert answers from our AI-powered compliance assistant.

Ask About CMMC Take CMMC Assessment

CMMC

Key Topics

Sample Questions

Key References

Related Domains

Have Questions About CMMC?