CMMC Model Construct & Implementation Evaluation Flashcards
Level 1 (Foundational)
Level 2 (Advanced)
Level 3 (Expert)
A. True
B. False
A. True
Level 1 (Fundamental)
Level 2 (Advanced)
Level 3 (Expert)
A. True
B. False
B. False - Level 1 (Foundational)
What are the CMMC Model Levels?
Level 1 (Foundational)
Level 2 (Advanced)
Level 3 (Expert)
How many practices are assessed in Level 1?
A. 15
B. 16
C. 17
D. 18
C. 17
How many practices are assessed in Level 2?
A. 110
B. 115
C. 120
D. 125
A. 110
How many practices are assessed in Level 1?
17 practices
How many practices are assessed in Level 2?
110 practices
Level 1 (Foundational) has 17 practices that are aligned with NIST SP 800-171 and FAR Clause 52.204-21.
A. True
B. False
A. True
Level 2 (Advanced) has 110 practices that are aligned with NIST SP 800-171.
A. True
B. False
A. True
An OSC seeking CMMC Level 1 certification must reach out to a C3PAO for a third party assessment.
A. True
B. False
B. False - The OSC should do an annual self assessment.
Level 1 certification includes 6 domains and 17 practices.
A. True
B. False
A. True
Level 2 certification includes 17 domains and 110 practices.
A. True
B. False
B. False - There are only 14 domains.
Level 1 (Foundational) encompasses the basic safeguarding requirements for FCI specified in which of the following?
A. NIST SP 800-171
B. FAR Clause 52.204-21
C. NIST SP 800-172
D.DFARS Clause 252.204-7012
B. FAR Clause 52.204-21
Level 2 (Advanced) encompasses the security requirements requirements for CUI specified in which of the following?
A. NIST SP 800-171
B. FAR Clause 52.204-21
C. NIST SP 800-172
D.DFARS Clause 252.204-7012
D.DFARS Clause 252.204-7012
This image shows the steps of which of the following?
A. CMMC Assessment Process (CAP)
B. CMMC Level 1 Self-Assessment
C. CMMC Level 2 Self-Assessment
D. CMMC Level 2 Assessment
B. CMMC Level 1 Self-Assessment
How often does a Level 2 certification have to be re-certified?
Every 3 years
At what step of the Level 2 assessment process does the OSC contract a C3PAO to begin the formal certification process?
A. Step 7
B. Step 8
C. Step 9
D. Step 10
C. Step 9
Company Alpha receives FCI from the Government as part of its contract. The only exception is information that the Government has officially designated as “For Public Release.” What level of certification must Company Alpha obtain?
A. Level 1
B. Level 2
C. Level 3
A. Level 1
Company Omega decided to participate in contracts that include CUI. They have determined that CUI will be handled, processed, or stored as part of that service of the contract. What level of certification much Company Omega obtain?
A. Level 1
B. Level 2
C. Level 3
B. Level 2
In the image, what information is represented in A?
A. Level
B. Domain
C. Practice
D. Security Requirement Number
B. Domain
In the image, what information is represented in B?
A. Level
B. Domain
C. Practice
D. Security Requirement Number
A. Level
In the image, what information is represented in C?
A. Level
B. Domain
C. Practice
D. Security Requirement Number
D. Security Requirement Number