CMMC requirements

Explore key CMMC compliance requirements and controls. Identify the type and level of assessment you need, and discover how the assessment process works.

CMMC
>
CMMC requirements

What you need to know about CMMC assessment

CMMC encompasses technical, operational, and governance-related cybersecurity practices to strengthen the security of the Department of Defense (DoD) and the Defense Industrial Base (DIB). 

To earn CMMC certification, organizations must adhere to the security practices outlined in one of the three CMMC levels—based on the type of data the organization handles and their role within the DoD supply chain. Each level also requires a different assessment type (self-assessment or third-party assessment) and has different requirements for recertification. 

Learn about CMMC requirements, certification levels, and the documentation required to earn a certification.

Your practical guide to meeting the CMMC requirements

Read now

CMMC controls explained: A complete guide for DoD contractors

Read now

What are the CMMC assessment types—and which one do you need?

Read now

Key CMMC documentation you need to demonstrate compliance

Read now

CMMC requirements

Written by
Written by
Reviewed by

CMMC requirements
Table of contents

Looking to automate up to 50% of the work for CMMC?

Request a demo
CMMC
CMMC requirements
CMMC requirements

What you need to know about CMMC assessment

CMMC encompasses technical, operational, and governance-related cybersecurity practices to strengthen the security of the Department of Defense (DoD) and the Defense Industrial Base (DIB). 

To earn CMMC certification, organizations must adhere to the security practices outlined in one of the three CMMC levels—based on the type of data the organization handles and their role within the DoD supply chain. Each level also requires a different assessment type (self-assessment or third-party assessment) and has different requirements for recertification. 

Learn about CMMC requirements, certification levels, and the documentation required to earn a certification.

Explore more CMMC articles

Introduction to CMMC

CMMC requirements

CMMC certification process

CMMC levels

Related frameworks and certifications

Get started with CMMC

Start your CMMC journey with these related resources.

What you need to know about CMMC—from our Director of Government Strategy & Affairs Morgan Kaplan

Vanta’s director of US government strategy and affairs shares how current and future contractors for the DoD can get CMMC certified.

Read more
What you need to know about CMMC—from our Director of Government Strategy & Affairs Morgan Kaplan
What you need to know about CMMC—from our Director of Government Strategy & Affairs Morgan Kaplan
CMMC Checklist cover image

CMMC Checklist

This checklist will guide you through the steps to take to get CMMC certified and how to successfully implement and maintain the certification.

Read more
CMMC Checklist
CMMC Checklist
The nst 800 - 1717 logo on a yellow background.

The ultimate guide to NIST 800-171

Jumpstart your NIST 800-171 compliance with Vanta's complete guide to this legally required security standard.

Read more
The ultimate guide to NIST 800-171
The ultimate guide to NIST 800-171

Get compliant and build trust—fast

Request a demo
G2 Badge 2025 - Best Software | Top 50 Governance, Risk, & Compliance ProductsG2 Badge 2025 - Best Software | Top 50 Security ProductsG2 Badge 2025 - Best Software | Top 100 Best Software Products