Why this guide
- Built from the public CMMC Model 2.0 — domain map and practice counts aligned to the current framework
- NIST SP 800-171 crosswalk — the foundation of CMMC Level 2 in one comparison view
- Assessment scoping checklist — how to bound FCI and CUI environments before evidence collection begins
- Designed for printing — full guide, two 1-page cheat sheets, and a 1-page pocket card
Who this is for
- Defense Industrial Base contractors preparing for CMMC assessment and compliance
- Compliance consultants advising organizations on NIST SP 800-171 and CMMC 2.0
- Cybersecurity assessors moving into CMMC assessment-team roles
- GRC analysts supporting DoD supply-chain security requirements
- MSPs and MSSPs managing security programs for DIB clients
What you'll learn
- CMMC 2.0 levels and scoping: Level 1 (Foundational, 17 practices), Level 2 (Advanced, 110 practices aligned with NIST SP 800-171), Level 3 (Expert)
- CMMC domain areas: Access Control, Asset Management, Audit and Accountability, Awareness and Training, Configuration Management, Cybersecurity Governance, Cybersecurity Hygiene, Data Protection, Incident Response, Maintenance, Media Protection, Personnel Security, Physical Protection, Recovery, Risk Management, Security Assessment, Situational Awareness, System and Communications Protection, System and Information Integrity
- NIST SP 800-171 alignment: CUI protection, the 110 security requirements, families, and how they map to CMMC Level 2 practices
- Assessment process: Assessment objectives, evidence collection, artifact review, interviews, scoping, and reporting fundamentals
- CCP role and responsibilities: Supporting Certified Assessors, preparing assessment plans, collecting evidence, and maintaining professional conduct
- Governance and policy basics: System security plans, plans of action and milestones, risk assessment, supply-chain security
- Key documentation: CMMC Model 2.0, NIST SP 800-171 Rev 2, 32 CFR Part 170, and Cyber AB assessor guidance
What you're getting
- 6 printable PDFs: cover, course notice, full study guide, two condensed cheat sheets, and an exam-day pocket card.
- Content built from the public syllabus and real test-taker accounts.
- No fake "actual exam" content — honest, source-cited study aids.
"CMMC is detail-dense. Know the difference between Level 1, Level 2, and Level 3 scope and practices."
— paraphrased from public test-taker accounts
