CMMC Specific Practices
- Level 1 is equivalent to all of the safeguarding requirements from FAR Clause 52.204-21
- Level 3, building on Levels 1 and 2, includes all of the security requirements in NIST SP 800-171 plus other practices
The remaining practices stem from multiple references as well as inputs from the DIB and DoD stakeholders. Due to various considerations, CMMC Levels 4-5 include only a subset of the enhanced security requirements from Draft NIST SP 800-171B.