CMMC FAQ

Estimated reading: 1 minute 1388 views
  1. Self-attest L1 starts with a CMMC L1 for the basic set of requirements from CMMC. Level 1 protects Federal Contract Information (FCI).
  2. Mature with Level 2 if you handle CUI, add policies and procedures and a few controls.

Each CMMC level is built on the one below it, so compliance with the lower-level requirements and the use of additional processes are needed to implement the cyber security-based practices.

  1. Level 1: This is the most “basic cybersecurity practice,” such as using antivirus software and ensuring employees change their passwords regularly. This should be done to protect Federal Contract Information (FCI).
  2. Level 2: This is likely to be the level that most contractors fall into. Level 2 is an intermediate level between Level 1 and Level 3 and consists of good cyber hygiene. This level must be completed if the organization holds CUI (Controlled Unclassified Information) on their network.
  3. Level 3: At the expert level, the organization must demonstrate the effectiveness of the level 1 and level 2 practices.

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
OR