How To Determine CMMC Level Requirement Video

CMMC FAQ #2: “How To Determine CMMC Level Requirement”. This 2+ minute video answers the question: How do I determine what CMMC Level I need to meet?

DOD will require CMMC in 2021

How can you determine the required level of CMMC by DoD? The DOD will require CMMC in 2021. Therefore, the CMMC level requirement for each new contract will be published in section L of a request for information (RFI), or section M of the request for proposal (RFP).

What about existing contracts?

However, for the existing contract, you can find the controlled, unclassified information or the CUI requirements by looking for NIST, or NIST 800-171 or DFARS252.204.7012. If the contract has either of these requirements, the contractor will be handling CUI. 

CUI requires a minimum of CMMC Level 3

In order to handle CUI, the contractor must get a minimum of CMMC Level 3. If you are not required to handle CUI, or not planning to handle CUI in the future, your CMMC level requirement will likely be Level 1. But first, verify with your contract officer or your prime contractors. We hope you found this video helpful in determining your CMMC level requirement. My name is Kyle Lai, President and Chief Information Security Officer at KLC Consulting. If you have any questions or need any help on CMMC, please contact us at Thank you.

Want to learn about similarities and differences between NIST 800-171 and CMMC Level 3 compliance? Check out our video discussion here

How to Determine CMMC Level Video:  Suggested Further Viewing about Compatibility of CMMC Level 3 with NIST 800-171 video

To visit the CMMC-AB website, click here

Watch our overview discussion video about CMMC please click here

How to Determine CMMC Level Video:  Suggested Further Viewing:  An Overview of Cybersecurity Maturity Model Certification (CMMC)

To watch our CMMC secure code review requirements video, click here

Thank you for visiting our website!

Scroll to Top