Overview
Level 2 requires that an organization establish and document practices and policies to guide the
implementation of their CMM efforts. The documentation of practices enables individuals to perform
them in a repeatable manner. Organizations develop mature capabilities by documenting their processes
and then practicing them as documented.
As an intermediate cyber hygiene level, Level 2 serves as a progression from Level 1 to Level 3 and
consists of a subset of the security requirements specified in NIST SP 800-171 as well as practices from
other standards and references. Because this level represents a transitional stage, some of the
practices reference the protection of CUI.
For official CMMC details visit the CMMC Accreditation Body website and the official DoD website.
https://www.CMMCAB.org
https://www.acq.osd.mil/cmmc/
MSU SBDC Cybersecurity is not a certifying body and has no
affiliation with the CMMC Accreditation Board (CMMC-AB).