CMMC requirements

Explore key CMMC compliance requirements and controls. Identify the type and level of assessment you need, and discover how the assessment process works.

What you need to know about CMMC assessment

CMMC encompasses technical, operational, and governance-related cybersecurity practices to strengthen the security of the Department of Defense (DoD) and the Defense Industrial Base (DIB). 

To earn CMMC certification, organizations must adhere to the security practices outlined in one of the three CMMC levels—based on the type of data the organization handles and their role within the DoD supply chain. Each level also requires a different assessment type (self-assessment or third-party assessment) and has different requirements for recertification. 

Learn about CMMC requirements, certification levels, and the documentation required to earn a certification.

CMMC requirements

Written by
Written by
Reviewed by

What you need to know about CMMC assessment

CMMC encompasses technical, operational, and governance-related cybersecurity practices to strengthen the security of the Department of Defense (DoD) and the Defense Industrial Base (DIB). 

To earn CMMC certification, organizations must adhere to the security practices outlined in one of the three CMMC levels—based on the type of data the organization handles and their role within the DoD supply chain. Each level also requires a different assessment type (self-assessment or third-party assessment) and has different requirements for recertification. 

Learn about CMMC requirements, certification levels, and the documentation required to earn a certification.

Get started with CMMC

Start your CMMC journey with these related resources.

What you need to know about CMMC—from our Director of Government Strategy & Affairs Morgan Kaplan

Vanta’s director of US government strategy and affairs shares how current and future contractors for the DoD can get CMMC certified.

What you need to know about CMMC—from our Director of Government Strategy & Affairs Morgan Kaplan
What you need to know about CMMC—from our Director of Government Strategy & Affairs Morgan Kaplan
CMMC Checklist cover image

CMMC Checklist

This checklist will guide you through the steps to take to get CMMC certified and how to successfully implement and maintain the certification.

CMMC Checklist
CMMC Checklist
The nst 800 - 1717 logo on a yellow background.

The ultimate guide to NIST 800-171

Jumpstart your NIST 800-171 compliance with Vanta's complete guide to this legally required security standard.

The ultimate guide to NIST 800-171
The ultimate guide to NIST 800-171