CMMC 2.0

Cybersecurity Maturity Model Certification

What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB). It combines various cybersecurity standards and best practices to protect sensitive information.

Organizations seeking Department of Defense (DoD) contracts must achieve CMMC certification at the appropriate level based on the sensitivity of information they handle.

CMMC Maturity Levels

Level 1 Foundational

17 practices focused on basic safeguarding of Federal Contract Information (FCI). Self-assessment required.

  • Access control practices
  • Awareness training
  • Security practices documentation

Level 2 Advanced

110 practices aligned with NIST SP 800-171. Required for handling Controlled Unclassified Information (CUI).

  • Access control (AC)
  • Audit and accountability (AU)
  • Configuration management (CM)
  • Incident response (IR)
  • ...and 10 more domains

Level 3 Expert

24 additional practices building on Level 2. Third-party assessment required.

  • Advanced access control
  • Advanced incident response
  • Security governance

17 CMMC Domains

  • Access Control (AC)
  • Asset Management (AM)
  • Audit and Accountability (AU)
  • Awareness and Training (AT)
  • Configuration Management (CM)
  • Identification and Authentication (IA)
  • Incident Response (IR)
  • Maintenance (MA)
  • Media Protection (MP)
  • Personnel Security (PS)
  • Physical Protection (PE)
  • Risk Assessment (RA)
  • Security Assessment (CA)
  • Situationally Acquired (SA)
  • System and Communications Protection (SC)
  • System and Information Integrity (SI)
  • Supply Chain Risk Management (SR)