CMMC

Also known as: Cybersecurity Maturity Model Certification

The Department of Defense's program for verifying that contractors handling sensitive government information have implemented required cybersecurity practices.

CMMC stands for Cybersecurity Maturity Model Certification. It is a Department of Defense program that requires defense contractors and subcontractors to demonstrate cybersecurity maturity before being awarded contracts that involve Federal Contract Information (FCI) or Controlled Unclassified Information (CUI).

The current version, CMMC 2.0, has three levels. Level 1 (Foundational) covers 17 basic safeguarding practices and allows annual self-assessment. Level 2 (Advanced) covers all 110 security requirements in NIST SP 800-171 Rev 2 and applies to contractors handling CUI; most Level 2 contracts require a third-party assessment by an authorized C3PAO every three years. Level 3 (Expert) covers a subset of NIST SP 800-172 and is assessed by DIBCAC.

The CMMC 2.0 Final Rule (32 CFR Part 170) took effect December 16, 2024, and certification requirements are being phased into DoD contracts beginning in 2025.
