Module 2 CMMC 2.0 Flashcards
CMMC has 3 levels, what are they
Level 1 - foundational
Level 2 - Advanced
Level 3 - Expert
what is FCI
Federal Contract information - not intended for public release
CMMC level 2 has how many practices
110
CMMC level 2 is called what
advanced
how many domains does CMMC level 2 have
14
how many practices does CMMC level 1 have
17
what is CMMC level 1 called
foundational
how many paths does CMMC level 2 have and what are they
2
CUI prioritized acquisition
CUI none prioritized acquisition
what is CMMC level 2 based off
NIST 800-171
what will CMMC level 3 be based off
NIST 800-172
what is NIST 800-171 primary purpose
protecting CUI in nonfederal systems and organizations
what is NIST 800-172
enhanced security requirements for protecting CUI -supplement to 800-171
who created CMMC
DoD
what is the acronym DIB
Defense Industrial Base
what is CMMC level 3 called
expert
are these the responsible parties for creating CMMC 2.0
OUSD(A&S), UARC, FFRDC and DIB
yes
does CMMC encompass basic safeguarding requirements for
FCI
FAR
and the security requirements for CUI specified in NIST 800-171 per DFARS?
yes
CMMC is based off what
NIST 800-171 rev 2
CMMC level 1 encompasses safeguarding requirements for what
FCI
when are assessments done for CMMC level 1`
self assessment and annually
when are CMMC level 2 assessments done
triennial - third party
CMMC levels and associated sets of practices across domains are cumulative. do you need to achieve the preceding lower level before being the next higher level certified
yes
CMMC certification - what if you fail a higher level certification - what are your options
since you have to qualify for each level you would obtain the certification for the lower level.
the 14 domains on CMMC level 2 (advanced) align with what
NIST 800-171
what clause was CMMC level 1 specified in
FAR
what clause was CMMC level 2 specified in
DFARS
