CMMC 2.0

What Is CMMC 2.0?

CMMC 2.0 is the DoD’s latest framework for strengthening cybersecurity across the defense industrial base (DIB). The Cybersecurity Maturity Model Certification (CMMC) 2.0 is now a requirement for all contractors and subcontractors in the Department of Defense (DoD) supply chain. If your organization handles Controlled Unclassified Information (CUI) or Federal Contract Information (FCI), you must comply with CMMC 2.0 to stay eligible for future contracts.

Released as a final rule in October 2024, it simplifies the original five-level model into three levels of security, aligning more closely with NIST SP 800-171.

• Level 1 (Foundational) – Basic cyber hygiene for FCI
  Just getting started? Learn what’s required at the foundational level on our CMMC Level 1 Data Sheet.

• Level 2 (Advanced) – 110 controls from NIST 800-171 to protect CUI

• Level 3 (Expert) – Enhanced controls from NIST 800-172 for highly sensitive programs

If your contracts involve CUI, CMMC Level 2 compliance is required, and third-party certification is mandatory.

Download our CMMC 2.0 Data Sheet to see how RSI Security helps you close gaps, accelerate readiness, and achieve compliance faster.

What’s Inside the CMMC 2.0 Data Sheet?

Our downloadable CMMC 2.0 data sheet includes:

• A complete list of all 110 CMMC Level 2 practices, mapped to NIST SP 800-171

• Domain-by-domain breakdown across 14 cybersecurity areas

• Scoring details to help you prioritize gaps and track audit readiness

• Real examples of access control, incident response, and encryption requirements

• Guidance on creating a Plan of Action & Milestones (POA&M)

• Expert insight on how RSI Security can support your certification process

Get the full checklist and roadmap. Download the CMMC 2.0 Data Sheet now.