AC · 22 requirements

Access Control

Access Control is about making sure only the right people, and the right systems, can reach CUI, and only for what they actually need. It is the largest family in Level 2 for a reason: most breaches start with access that was too broad or never removed.

The 22 Access Control requirements

70 assessment objectives across this family.

Build Access Control, and all 14 families, with an officer

The Level 2 Accelerator walks all 110 requirements with you, generates your SSP, POA&M, and Audit Room from real evidence, includes the full Level 1 platform, and puts a credentialed officer alongside you for 180 days. Filed in 180 days, or we work free until you are.

No credit card. Phase 2 begins Nov 10, 2026, when applicable DoD solicitations start requiring a current Level 2 status to win the award.

Questions, answered

How many CMMC Level 2 requirements are in Access Control?+

The Access Control family (AC) has 22 of the 110 CMMC Level 2 requirements, assessed against 70 objectives from NIST SP 800-171A.

What is the Access Control family about?+

Access Control is about making sure only the right people, and the right systems, can reach CUI, and only for what they actually need. It is the largest family in Level 2 for a reason: most breaches start with access that was too broad or never removed.