Official guides, regulations, and templates to help you achieve CMMC compliance. All resources are free and from authoritative sources.
| Resource | Link |
|---|---|
CMMC Resources & Documentation Portal Official DoD hub for all CMMC documentation and resources DoD CIO | Open |
CMMC Documentation Portal Complete CMMC program documentation DoD CIO | Open |
CMMC Assessment Process v2.0 Official C3PAO assessment procedures Cyber AB | Open |
Cyber AB Marketplace Find certified C3PAOs and assessors Cyber AB | Open |
CMMC Program Rule (Federal Register) Official CMMC program rule published October 2024 Federal Register | Open |
Level 1 applies to contractors handling Federal Contract Information (FCI). It requires a self-assessment against 15 basic safeguarding controls.
| Resource | Link |
|---|---|
CMMC Assessment Guide - Level 1 v2.13 Official self-assessment guide for Level 1 (15 controls) DoD CIO | Open |
FAR 52.204-21 - Basic Safeguarding Federal regulation defining the 15 basic safeguarding requirements Acquisition.gov | Open |
FAR 52.204-21 (Legal Reference) Legal text of FAR clause for FCI protection Cornell Law | Open |
Level 2 applies to contractors handling Controlled Unclassified Information (CUI). Requires either self-assessment or third-party C3PAO assessment depending on contract requirements.
| Resource | Link |
|---|---|
CMMC Scoping Guide - Level 2 Guide for identifying assessment scope and asset categories DoD CIO | Open |
CMMC Assessment Guide - Level 2 v2.13 Official assessment guide for Level 2 (110 controls) DoD CIO | Open |
NIST SP 800-171 Rev 2 Protecting Controlled Unclassified Information (CUI) - 110 security requirements NIST | Open |
NIST SP 800-171 Rev 2 (Web Page) Official NIST publication page with supplemental materials NIST CSRC | Open |
NIST SP 800-171A - Assessment Procedures Detailed assessment procedures for each control NIST | Open |
iATTEST helps you track compliance, generate policies, and prepare for assessments with AI-powered assistance. Start free today.