CMMC Specific Practices

CMMC Specific Practices

The majority of the practices (110 of 171) originate from the safeguarding requirements and security requirements specified in FAR Clause 52.204-21 and DFARS Clause 252.204-7012, respectively.

  • Level 1 is equivalent to all of the safeguarding requirements from FAR Clause 52.204-21
  • Level 3, building on Levels 1 and 2, includes all of the security requirements in NIST SP 800-171 plus other practices

The remaining practices stem from multiple references as well as inputs from the DIB and DoD stakeholders. Due to various considerations, CMMC Levels 4-5 include only a subset of the enhanced security requirements from Draft NIST SP 800-171B.

No Level 1 CMMC Specific Practices