CMMC Level 2is designed to alignfullywithNIST SP 800-171, which consists of110 security controls (practices).
This meansall 110 practicesfrom NIST SP 800-171 are required for aCMMC Level 2 certification.
How Many Practices Are Included in CMMC Level 2?Breakdown of Practices in CMMC 2.0CMMC Level
Number of Practices
Level 1
17 practices(Basic Cyber Hygiene)
Level 2
110 practices(Aligned with NIST SP 800-171)
Level 3
Not yet finalized but expected to exceed 110
Since CMMC Level 2 mandatesall 110 NIST SP 800-171 practices, the correct answer isC. 110 practices.
A. 17 practices❌Incorrect.17 practicesapply only toCMMC Level 1, not Level 2.
B. 72 practices❌Incorrect. There is no CMMC level with72 practices.
D. 180 practices❌Incorrect. CMMC Level 2only requires 110 practices, not 180.
Why the Other Answers Are Incorrect
CMMC 2.0 Model– Confirms thatLevel 2 includes 110 practicesaligned withNIST SP 800-171.
NIST SP 800-171 Rev. 2– Outlines the110 security controlsrequired for handlingControlled Unclassified Information (CUI).
CMMC Official ReferencesThus,option C (110 practices) is the correct answer, as per official CMMC guidance.
Submit