CMMC FAQ #2: “How To Determine CMMC Level Requirement”. This 2+ minute video answers the question: How do I determine what CMMC Level I need to meet?
DOD will require CMMC in 2021
How can you determine the required level of CMMC by DoD? The DOD will require CMMC in 2021. Therefore, the CMMC level requirement for each new contract will be published in section L of a request for information (RFI), or section M of the request for proposal (RFP).
What about existing contracts?
However, for the existing contract, you can find the controlled, unclassified information or the CUI requirements by looking for NIST, or NIST 800-171 or DFARS252.204.7012. If the contract has either of these requirements, the contractor will be handling CUI.
CUI requires a minimum of CMMC Level 3
In order to handle CUI, the contractor must get a minimum of CMMC Level 3. If you are not required to handle CUI, or not planning to handle CUI in the future, your CMMC level requirement will likely be Level 1. But first, verify with your contract officer or your prime contractors. We hope you found this video helpful in determining your CMMC level requirement. My name is Kyle Lai, President and Chief Information Security Officer at KLC Consulting. If you have any questions or need any help on CMMC, please contact us at CMMC@klcconsulting.net. Thank you.
To visit the CMMC-AB website, click here
Thank you for visiting our website!