The Cybersecurity Maturity Model Certification (CMMC) Level 2 Assessment Checklist has been the subject of much discussion and debate among federal contractors in recent months. While the Level 1 checklist was relatively straightforward, the Level 2 checklist is a more complex and nuanced document that requires a deep understanding of a contractor’s processes and policies. In this article, we’ll take a close look at the CMMC Level 2 Assessment Checklist and provide practical guidance for contractors looking to improve their cybersecurity posture.
The CMMC Level 2 Assessment Checklist: What You Need to Know
The CMMC Level 2 Assessment Checklist is based on the NIST SP 800-171 Rev. 2 standards, which provide a framework for implementing cybersecurity best practices in federal contracting. The Level 2 checklist is designed to assess a contractor’s ability to implement basic cybersecurity controls and processes, including:
- Implementing access controls to protect organizational information
- Implementing configuration management to protect organizational information
- Implementing media protection to protect organizational information
- Implementing personnel security to protect organizational information
- Implementing system and communication protection to protect organizational information
- Implementing system and information integrity to protect organizational information
- Implementing system and information protection to protect organizational information
A Closer Look at the CMMC Level 2 Assessment Checklist
The CMMC Level 2 Assessment Checklist is divided into 17 practices, each of which is further broken down into specific controls and processes. The checklist assesses a contractor’s ability to implement these controls and processes, including:
- Implementing access controls to protect organizational information, including:
- Implementing user account management policies and procedures
- Implementing password policies and procedures
- Implementing role-based access control


