Cybersecurity Maturity Model Certification (CMMC) 2.0
Details
This download includes the Cybersecurity Maturity Model Certification (CMMC) 2.0 as an Authority with no mapped questions. Use this content if you just need an Authority and want to create your own question set.
CMMC Levels 1 and 2 consist of the security requirements specified in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.
CMMC Level 1 addresses the protection of Federal Contract Information (FCI) and encompasses the basic safeguarding requirements for FCI specified in Federal Acquisition Regulation (FAR) Clause 52.204-21, which defines FCI as: Information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public websites) or simple transactional information, such as necessary to process payments.
CMMC Level 2 addresses the protection of Controlled Unclassified Information (CUI), which the National Archives and Record Administration (NARA) defines as: Information that requires safeguarding or dissemination controls pursuant to and consistent with laws, regulations, and government-wide policies, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or Atomic Energy Act of 1954, as amended.
More Information
Jurisdiction | United States |
---|---|
Type | Laws or related obligations |