CMMC Level 2 Essentials
We previously described Cybersecurity Maturity Model Certification (CMMC) level 1 as the foundation for a sound security posture. Level 2 can most accurately be described as a bridge to level 3. Most defense contracts will have either level 1 requirements or jump to level 3. However, there are additional controls that need to be addressed in level 2 before level 3 can be assessed.
What Is CMMC Level 2 and How Does It Compare With Level 1?
CMMC level 2 is an incremental yet important milestone for defense contractors to address. CMMC level 2 focuses on intermediate cyber hygiene, creating a logical but necessary progression for organizations to step from level 1 to 3. In addition to safeguarding Federal Contract Information (FCI), level 2 begins to include protections of Controlled Unclassified Information (CUI). Compared to level 1, the additional sets of practices included in level 2 position the organization to better defend against more dangerous cyber threats.
CMMC level 2 also introduces the process maturity element of the model. At CMMC level 2, an organization is expected to perform and document key cybersecurity functions.