CMMC Level 2 (Advanced)
The mid-tier CMMC level requiring all 110 NIST SP 800-171 controls. Most contracts involving CUI require this level with third-party assessment.
Related Terms
CMMC
A DoD framework requiring defense contractors to meet specific cybersecurity standards before handling federal contract information.
CUI
Government-created or -owned information that requires safeguarding controls per law, regulation, or government-wide policy, but is not classified.
NIST SP 800-171
The NIST standard specifying 110 security requirements for protecting CUI in non-federal systems. Forms the basis of CMMC Level 2 and DFARS 252.204-7012 compliance.
C3PAO
An organization authorized by the CMMC Accreditation Body (the Cyber AB) to conduct CMMC Level 2 assessments of defense contractors.
CMMC Level 1 (Foundational)
The basic CMMC tier requiring 17 cybersecurity practices for protecting Federal Contract Information. Allows annual self-assessment.