Defense Tech Stack - Answered Instantly
Compliance, GCC High, Azure Gov, infrastructure security, and incident response. 70+ official sources covering CMMC, NIST, DFARS, M365, and more. Free to use.
We ask for an email to prevent abuse and keep this free for everyone.
You
What are the CMMC 2.0 levels?
Tentacle Ops
CMMC 2.0 has three levels. Level 1 (Foundational) - 17 practices from FAR 52.204-21, self-assessed annually. Level 2 (Advanced) - 110 controls from NIST SP 800-171, third-party assessed for critical CUI contracts. Level 3 (Expert) - NIST SP 800-172 controls, government-assessed.
Most small defense contractors handling CUI need Level 2. What kind of information are you handling on your contracts?
CMMC Final Rule - 32 CFR Part 170
NIST SP 800-171 Rev 2