CMMC 2.11

Learn about the Cybersecurity Maturity Model Certification (CMMC) 2.11 and explore its requirements.

  • Purpose

    CMMC is a DoD certification and compliance program that will apply to DoD contractors.

  • NIST 800-171

    CMMC leverages NIST 800-171's 110 security requirements which define the safeguarding requirements for controlled unclassified information (CUI) on nonfederal systems.

  • 3 CMMC Levels

    CMMC includes 3 levels. Level 1 includes 15 requirements, level 2 includes 110 requirements, and level 3 includes 24 additional requirements from NIST 800-172's enhanced security requirements.

  • CyberAB

    The CyberAB (formerly known as the CMMC Accreditation Body) is responsible for authorizing and accrediting CMMC Third-Party Assessment Organizations (C3PAOs). C3PAOs are 3rd-party assessors who conduct CMMC assessments of companies within the Defense Industrial Base (DIB).

  • Certification

    The majority of CMMC level 2 contracts will require a 3rd-party assessment by a C3PAO. All CMMC level 3 contracts will require a government conducted assessment. Successful assessments will result in certification.

  • Compliance

    All CMMC level 1 contracts will require self-assessments. Compliance will be achieved after the self-assessment has been completed and the results have been entered into the Supplier Performance Risk System (SPRS) website.

NIST 800-171 / CMMC Training
Available Now!

NIST 800-171 r2

Learn about NIST 800-171 and explore its 110 security requirements.

NIST 800-171A

Learn about NIST 800-171A and explore its assessment procedures.

CMMC adds an independent assessment and certification program that provides the DoD more assurance that the Defense Industrial Base (DIB) is protecting its controlled unclassified information (CUI) in accordance with the security requirements of NIST 800-171.

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!