All 110 CMMC Level 2 requirements

Every NIST SP 800-171 requirement, with its own plain-English page: the objectives an assessor scores, how a C3PAO examines, interviews, and tests it, its point value, and whether it can go on a POA&M. Built from the official CMMC Assessment Guide Level 2 (v2.13).

Last updated July 5, 2026~6 minute readPrimary sources cited
110
Requirements, one page each
320
Assessment objectives
14
Requirement families
1 / 3 / 5
Point weights per requirement
5 pt3 pt1 pt✕ = cannot POA&M

Prove all 110, with an officer alongside you

The Level 2 Accelerator walks all 110 requirements with you, generates your SSP, POA&M, and Audit Room from real evidence, includes the full Level 1 platform, and puts a credentialed officer alongside you for 180 days. Filed in 180 days, or we work free until you are.

No credit card. Phase 2 begins Nov 10, 2026, when applicable DoD solicitations start requiring a current Level 2 status to win the award.

Questions, answered

What are the CMMC Level 2 requirements?+

CMMC Level 2 is the 110 security requirements of NIST SP 800-171 Revision 2, organized into 14 families from Access Control to System and Information Integrity, and assessed against 320 objectives in NIST SP 800-171A. Every requirement has its own page here.

How many families does CMMC Level 2 have?+

14 families: Access Control, Awareness and Training, Audit and Accountability, Configuration Management, Identification and Authentication, Incident Response, Maintenance, Media Protection, Personnel Security, Physical Protection, Risk Assessment, Security Assessment, System and Communications Protection, and System and Information Integrity.

Are all 110 requirements weighted the same?+

No. Under 32 CFR 170.24 each requirement is worth 1, 3, or 5 points against a maximum of 110. Higher-risk requirements cost more, and a short set can never be placed on a POA&M. Each requirement page shows its exact weight and eligibility.

Source: NIST SP 800-171 r2 · NIST SP 800-171A · CMMC Assessment Guide Level 2 v2.13 (DoD-CIO-00003) · 32 CFR § 170.24.