Search
Updated on November 24, 2023

CMMC FAQ

Estimated reading: 1 minute 1402 views
  1. Self-attest L1 starts with a CMMC L1 for the basic set of requirements from CMMC. Level 1 protects Federal Contract Information (FCI).
  2. Mature with Level 2 if you handle CUI, add policies and procedures and a few controls.

Each CMMC level is built on the one below it, so compliance with the lower-level requirements and the use of additional processes are needed to implement the cyber security-based practices.

  1. Level 1: This is the most “basic cybersecurity practice,” such as using antivirus software and ensuring employees change their passwords regularly. This should be done to protect Federal Contract Information (FCI).
  2. Level 2: This is likely to be the level that most contractors fall into. Level 2 is an intermediate level between Level 1 and Level 3 and consists of good cyber hygiene. This level must be completed if the organization holds CUI (Controlled Unclassified Information) on their network.
  3. Level 3: At the expert level, the organization must demonstrate the effectiveness of the level 1 and level 2 practices.

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
Trusty

Want to see how to turn GRC into a profit center?

Ready to save time and money on audits, pass security reviews faster, and manage enterprise-wide risk? Let’s talk! 

Learn More
TrustCommunity

The #1 Community for Security, Privacy, and GRC Professionals.

© 2024 TrustCloud Corporation. All rights reserved.
TrustCloud® and TrustOps® are registered trademarks of TrustCloud Corporation.

Facebook Linkedin Youtube Rss

Resources

Platform

TOPICS

ABOUT US

AICPA
Monitored by TrustCloud

💛 Joyfully Crafted to Elevate GRC Leaders into Trust Champions.

OR