What is CMMC Compliance?

The requirements for CMMC certification depend on the level of certification.

Here is a short explanation of each certification level, with each level building upon the previous level’s requirement. For example, to complete Level 2, you will need to have completed all the requirements of Level 1 plus additional requirements:

Level 1: “Basic Cyber Hygiene"-- DoD service providers who prefer to pass an examination at this level should execute 7 controls of NIST 800-171 rev1.

Level 2: "Intermediate Cyber Hygiene"-- Here, DoD specialists should execute yet another 48 controls of NIST 800-171 rev1 as well as seven new "Other" controls. 

Level 3: "Good Cyber Hygiene"-- To accomplish level 3 certification, the last 45 controls of NIST 800-171 Rev1 and 13 new "Other" controls need to be carried out.

Level 4: "Proactive Cybersecurity” -- Along with controls from levels 1 through 3, 11 additional controls of NIST 800-171 Rev2 plus 15 new "Other" controls are required.

Level 5: “Advanced/ Progressive Cybersecurity” -- For the maximum level, DoD specialists must carry out the last four controls in NIST 800-171 Rev2 together with 11 new "Other" controls.

See Also:

1. What is CMMC?
2. What are CMMC Requirements?
3. Who needs to comply with CMMC?
4. What is CMMC Certification?
5. What is CMMC Compliance?
6. CMMC Compliance
7. DFARS and CMMC