Understanding CMMC 2.0 Levels and Their Descriptions
TheCybersecurity Maturity Model Certification (CMMC) 2.0consists ofthree levels, each representing increasing cybersecurity maturity:
Level 1 – Foundational
Focuses onbasic cyber hygiene
Implements17 practicesaligned withFAR 52.204-21
Primarily protectsFederal Contract Information (FCI)
Level 2 – Advanced(Correct Answer)
Focuses onprotecting Controlled Unclassified Information (CUI)
Implements110 practicesaligned withNIST SP 800-171
Requirestriennial third-party assessments for critical programs
Level 3 – Expert
Focuses onadvanced cybersecurityagainstAPT (Advanced Persistent Threats)
ImplementsNIST SP 800-171 and additional NIST SP 800-172 controls
Requirestriennial government-led assessments
Why "B. Advanced" is Correct?
TheCMMC 2.0 framework explicitly describes Level 2 as "Advanced."
Italigns with NIST SP 800-171to ensure robustCUI protection.
Why Other Answers Are Incorrect?
A. Expert (Incorrect)– This describesLevel 3, not Level 2.
C. Optimizing (Incorrect)– Not a defined CMMC level description.
D. Continuously Improved (Incorrect)– CMMC does not use this terminology.
Conclusion
The correct answer isB. Advanced, which accurately describesCMMC Level 2.
[References:, CMMC 2.0 Model Overview, CMMC 2.0 Scoping Guide, NIST SP 800-171 & NIST SP 800-172, , ]
Submit