MSU SBDC CyberSecurity

Funded in part through a cooperative agreement with the U.S. Small Business Administration through The University of Mississippi. All opinions, conclusions or recommendations expressed are those of the author(s) and do not necessarily reflect the views of the SBA or The University of Mississippi.

Overview

Level 2 requires that an organization establish and document practices and policies to guide the implementation of their CMM efforts. The documentation of practices enables individuals to perform them in a repeatable manner. Organizations develop mature capabilities by documenting their processes and then practicing them as documented.

As an intermediate cyber hygiene level, Level 2 serves as a progression from Level 1 to Level 3 and consists of a subset of the security requirements specified in NIST SP 800-171 as well as practices from other standards and references. Because this level represents a transitional stage, some of the practices reference the protection of CUI.

For official CMMC details visit the CMMC Accreditation Body website and the official DoD website.

https://www.CMMCAB.org
https://www.acq.osd.mil/cmmc/

MSU SBDC Cybersecurity is not a certifying body and has no affiliation with the CMMC Accreditation Board (CMMC-AB).