Cloud Based Protection by Global Quality Systems, Inc.
www.gqs-inc.com 800-695-4965 GCC High GET STARTED TODAY
CMMC PROGRAM

CMMC Level 2
Executive Summary

Version 2.13 • September 2024

NIST SP 800-171 Rev 2

110 security requirements for protecting Controlled Unclassified Information (CUI).

Self or C3PAO Assessment

Level 2 self-assessment OR full certification by a Certified Third-Party Assessment Organization (C3PAO).

DoD Supply Chain Protection

Increased assurance for CUI protection in multi-tier defense contracts.

LEVEL 2 CERTIFICATION

CMMC Level 2 Executive Summary

Level 2 of the Cybersecurity Maturity Model Certification (CMMC) Program incorporates the security requirements specified in NIST Special Publication (SP) 800-171 Revision 2, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.

What is CMMC Level 2?

Addresses the protection of Controlled Unclassified Information (CUI) as defined in 32 CFR § 2002.4(h). Provides increased assurance to the DoD that Organizations Seeking Assessment (OSA) can adequately protect CUI at a level commensurate with adversarial risk.

Assessment Types

  • Level 2 Self-Assessment – Conducted by the OSA
  • Level 2 Certification Assessment – Conducted by accredited C3PAO
  • POA&M closeout options available

Ready to achieve CMMC Level 2?

Microsoft GCC High + GQS expertise = fast, secure compliance.

CONTACT GQS NOW

CMMC Assessment Guide – Level 2 | Version 2.13 • DoD-CIO-00003 (ZRIN 0790-ZA19) • Trusted Microsoft Partner

14 Security Domains • 110 Requirements

From the official CMMC Assessment Guide – Level 2 v2.13

Access Control (AC)

  • Authorized Access Control3.1.1
  • Least Privilege3.1.5
  • Remote Access Control3.1.12
  • Wireless & Mobile3.1.16–3.1.19

Awareness & Training (AT) • Audit (AU) • Config (CM)

  • Role-Based Training3.2.1–3.2.3
  • System Auditing & Accountability3.3.1–3.3.9
  • Baselining & Change Management3.4.1–3.4.9

IA • IR • MA • MP • PE • RA • CA • SC • SI

  • Identification & Authentication3.5.1–3.5.11
  • Incident Response3.6.1–3.6.3
  • Media Protection & Physical Security3.8 & 3.10
  • System & Communications Protection3.13.1–3.13.16

Assessment Methodology (NIST SP 800-171A)

EXAMINE
Documentation, policies, procedures
INTERVIEW
Key personnel and system owners
TEST
Technical controls and configurations

Assessment Objectives + Evidence = MET / NOT MET findings. POA&M options available for Conditional certification.

Achieve CMMC Level 2 with GQS + Microsoft GCC High

Why Microsoft GCC High is the fastest path to CMMC Level 2

FedRAMP High + DoD SRG Level 5

Built-in controls that directly map to NIST SP 800-171 and CMMC Level 2 requirements.

GQS Microsoft Specialists

Dedicated team creates tailored implementation, policies, and evidence packages for your assessment.

Continuous Compliance

Automated monitoring, audit logging, and CUI protection across your entire environment.

ITAR • DFARS • CMMC • Controlled Unclassified Information (CUI) Protected

Global Quality Systems helps defense contractors and suppliers achieve CMMC Level 2 certification quickly and confidently using Microsoft Government Community Cloud High (GCC High).

Scope Definition

We help you define your CMMC Assessment Scope — entire enterprise or specific enclaves — per 32 CFR § 170.19.

Evidence & POA&M

Complete documentation, testing, and remediation support to reach Final Level 2 (Self or C3PAO) status.

Secure your DoD contracts today.

CMMC Level 2 compliance is no longer optional — let GQS and GCC High make it simple.

SCHEDULE YOUR FREE CMMC2 READINESS CALL

Trusted Microsoft Partner • CMMC Certified Expertise • GCC High • ITAR • DFARS Compliant Cloud Solutions