MSU SBDC CyberSecurity

Level 2 Header


level 2 graphic image Level 2 requires that an organization establish and document practices and policies to guide the implementation of their CMMC efforts. The documentation of practices enables individuals to perform them in a repeatable manner. Organizations develop mature capabilities by documenting their processes and then practicing them as documented.

As an intermediate cyber hygiene level, level 2 serves as a progression from Level 1 to Level 3 and consists of a subset of the security requirements specified in NIST SP 800-171 [4] as well as practices from other standards and references. Because this level represents a transitional stage, a subset of the practices reference the protection of CUI.

CMMC Domains

The CMMC model consists of 17 domains. The majority of these domains originate from the security-related areas in Federal Information Processing Standards (FIPS) Publication 200 [12] and the related security requirement families from NIST SP 800-171 [4]. Level 2 consist of the following CMMC domains.

Click each domain to review the practices specified for level 2 accreditation.
AC Domain Button