Phone No: Top Contact




CMMC Level 2 Controls

CMMC Level 2 Controls

CMMC Level 2 Controls

Domain AT: Awareness and Training

Through routine awareness and training programs, your staff will learn how to avoid cyberattacks and best safeguard your data and assets, building a culture of cybersecurity within your company.

Domain AU: Audit and Accountability

This family of controls covers your organization’s policies and procedures for defining audit requirements; performing audits of user and system activities; and creating, logging, reviewing, reporting, and protecting audit trails to promote accountability and identify security flaws or violations.

Domain MP: Media Protection

These controls secure information stored on digital and non-digital media or devices (e.g., USB drives, hard drives, paper hard copies) through procedures for media use, access, marking, storage, transport, sanitization and downgrading.

Domain PE: Physical Protection

Protecting information systems and data requires the physical security of the facilities that house them from all manner of threats (e.g., theft, natural disaster, accidents).

Domain PS: Personnel Security

Personnel security practices ensure that employees, contractors and third-party users have been screened and found suitable prior to being granted access to your organization’s systems, as well as establish procedures to protect your systems when personnel leave their positions, to reduce the risk of theft, insider threat, fraud or misuse.

Domain RE: Recovery

Maintaining plans to restore capabilities or services impaired by a cybersecurity event, including securely backing up and protecting data, allows organizations to minimize damage and quickly resume normal operations.

No practices required for the following domains at CMMC Level 2

  • Domain AM Asset Management
  • Domain SA Situational Awareness