MSU SBDC CyberSecurity

Level 2 Header


level 2 graphic image Level 2 requires that an organization establish and document practices and policies to guide the implementation of their CMM efforts. The documentation of practices enables individuals to perform them in a repeatable manner. Organizations develop mature capabilities by documenting their processes and then practicing them as documented.

As an intermediate cyber hygiene level, Level 2 serves as a progression from Level 1 to Level 3 and consists of a subset of the security requirements specified in NIST SP 800-171 as well as practices from other standards and references. Because this level represents a transitional stage, some of the practices reference the protection of CUI.

For official CMMC details visit the CMMC Accreditation Body website and the official DoD website.

MSU SBDC Cybersecurity is not a certifying body and has no affiliation with the CMMC Accreditation Board (CMMC-AB).