CM · 9 requirements

Configuration Management

Configuration Management is about running your systems in a known, deliberate state: baselines, change control, and locking down what is not needed. Uncontrolled configuration drift is where quiet vulnerabilities live.

The 9 Configuration Management requirements

44 assessment objectives across this family.

Build Configuration Management, and all 14 families, with an officer

The Level 2 Accelerator walks all 110 requirements with you, generates your SSP, POA&M, and Audit Room from real evidence, includes the full Level 1 platform, and puts a credentialed officer alongside you for 180 days. Filed in 180 days, or we work free until you are.

No credit card. Phase 2 begins Nov 10, 2026, when applicable DoD solicitations start requiring a current Level 2 status to win the award.

Questions, answered

How many CMMC Level 2 requirements are in Configuration Management?+

The Configuration Management family (CM) has 9 of the 110 CMMC Level 2 requirements, assessed against 44 objectives from NIST SP 800-171A.

What is the Configuration Management family about?+

Configuration Management is about running your systems in a known, deliberate state: baselines, change control, and locking down what is not needed. Uncontrolled configuration drift is where quiet vulnerabilities live.