CMMC 2.0 Level 1 is applicable to organizations supporting the Department of Defense that handle or process Federal Contract Information (FCI).
CMMC 2.0 Level 2 is applicable to organizations supporting the DoD that handle or process Controlled Unclassified Information or types of CUI (CDI, CTI, ITAR).
CMMC 2.0 Level 3 will be applicable to a smaller group of aerospace and defense contractors in the DIB handling critical data (CUI, CTI, ITAR).
CMMC Assessment Readiness Project
Properly preparing and documenting for CMMC compliance requires organizations to prove to a Cyber AB C3PAO that their IT environment is secure, and is documented as secure, in order to handle and process contract data (FCI, CUI, ITAR, etc).
The 7 Steps to CMMC
Controlled Unclassified Information and CMMC
Controlled Unclassified Information (CUI) is Federal non-classified information that the U.S. Government creates or possesses, or that a non-Federal entity (Defense Industrial Base organizations) receives, possesses, or creates on behalf of the U.S Government.
An Executive Briefing of CMMC 2.0
This executive briefing on CMMC 2.0 covers high-level data points of CMMC 1.0 compared to CMMC 2.0, details areas of potential concern, and covers the main talking points for CMMC 2.0 Level 2 compliance.
CMMC 2.0 Compliance Information
CMMC 2.0 is going to require organizations in the DoD supply chain to protect FCI, CUI, and/or ITAR to the appropriate level determined.