CMMC Level 2

Documented, Intermediate Cyber Hygiene

Designed to be a transition step from Level 1 to Level 3, CMMC Level 2 requires the documentation of cybersecurity practices as well as the implementation of a systems security plan to aid in CMMC adoption efforts. CMMC Level 2’s universally accepted cybersecurity best practices and processes set the groundwork needed for full Level 3 compliance, specifically for companies who create, house or transmit Controlled Unclassified Information (CUI) or Federal Contract Information (FCI). 


How many controls fall under CMMC Level 2?
CMMC Level 2 includes the 17 practices from level one in addition to 55 new practices and 2 new processes.

What focus falls under CMMC Level 2?
The primary focus of CMMC Level 2 is to ensure cybersecurity efforts are documented and available for reference.

How do I know if I need to be compliant under CMMC Level 2?
If performing nonsensitive work, contractors will only need to reach CMMC Level 2 in most circumstances.

What is the difference between CMMC Level 2 and 3? 

A key difference between CMMC Level 2 and Level 3 is that while Level 3 requires the on-going management of a systems security plan, CMMC Level 2 only requires the set up and documentation of one. Certain practices and procedures required in CMMC Level 2 serve to establish baseline cybersecurity hygiene and create a solid foundation. They are not involved in the on-going or optimizing of cybersecurity efforts.

CMMC Level 2

Key actions of CMMC Level 2 adoption:

  • Monitor and control remote access sessions for employees.
  • Make managers and administrators aware of cybersecurity risks and appropriate policies.
  • Establish an incident handling capability for organizational systems.
  • Detect and report events.
  • Provide maintenance and supervise maintenance of third-party contractors.
  • Follow proper practices to protect CUI and FCI, both paper and digital.
  • Regularly perform and test data backups.
  • Perform risk assessments on a regular basis.

Learn more about CMMC and explore the other four levels.

What is CMMC?

Learn more about CMMC and explore the other four levels.

What is CMMC?

Getting Your Business to CMMC Level 2 and Beyond

A key difference between CMMC Level 2 and Level 3 is that while LeveWhether CMMC Level 2 is your goal or just a stepping stone onto a higher level of cybersecurity, the experts at Hyper Vigilance are ready to help you prepare for your CMMC audit. Through tailored, time-saving, cost-effective strategies, we’ll create and implement a systems security plan that meets your cybersecurity needs and readies your business for the threats of the modern world. Contact Hyper Vigilance today to get started.

Contact Us