CMMC FAQ

  1. Self-attest at Level 1: start with CMMC Level 1, the basic set of CMMC requirements. Level 1 protects Federal Contract Information (FCI).
  2. Mature to Level 2: if you handle CUI, add policies and procedures and a few controls.

Each CMMC level builds on the one below it, so an organization must comply with the lower-level requirements and use additional processes to implement the cybersecurity practices.

  1. Level 1: This covers the most “basic cybersecurity practices,” such as using antivirus software and ensuring employees change their passwords regularly. This should be done to protect Federal Contract Information (FCI).
  2. Level 2: This is likely to be the level that most contractors fall into. Level 2 is an intermediate level between Level 1 and Level 3 and consists of good cyber hygiene. This level must be completed if the organization holds CUI (Controlled Unclassified Information) on its network.
  3. Level 3: At the expert level, the organization must demonstrate the effectiveness of the Level 1 and Level 2 practices.
