CMMC Level 2 Requirements

CMMC Level 2 is considered the intermediate cyber hygiene level and creates a maturity-based progression for organizations to step from Level 1 to 3.

At this level, an organization is expected to establish and document standard operating procedures, policies, and strategic plans to guide the implementation of its cybersecurity program. The documentation of practices permits individuals to perform duties in a consistent and repeatable manner.


The new CMMC is a complicated model that will require DoD contractors to review, assess and make necessary changes to cybersecurity controls to bid on future DoD contracts. The best place to start is a CMMC readiness assessment which will review your current infrastructure and identify the changes which need to be made.


Neena Shukla, CPA, CFE, CGMA, FCPA, CTP

Partner, Government Contracting Team Leader