CMMC

Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification (CMMC) is a DoD framework that verifies contractors have implemented cybersecurity practices to protect Controlled Unclassified Information (CUI). CMMC 2.0 has three levels aligned with NIST standards.

Key Topics

CMMC 2.0 levels (1, 2, 3)
Level 1 - 17 practices (FCI protection)
Level 2 - 110 NIST 800-171 controls (CUI protection)
Level 3 - NIST 800-172 enhanced security
Self-assessment vs. third-party assessment (C3PAO)
SPRS scoring and submission
POA&M management and timelines
CMMC assessment process and timeline

Key References

DFARS 252.204-7021 - CMMC Requirements
NIST SP 800-171 Rev 2 - CUI Security Requirements
NIST SP 800-172 - Enhanced Security Requirements
32 CFR Part 170 - CMMC Program Rule
DFARS 252.204-7019 - NIST 800-171 DoD Assessment
DFARS 252.204-7020 - NIST 800-171 DoD Assessment Requirements
