CMMC Level 2 Compliance: Complete Implementation Checklist
9/17/2025
CMMC Level 2 certification is mandatory for DoD contractors by 2025. This checklist ensures complete preparation.
## Access Control (AC) - AC.L2-3.1.1: Limit system access - AC.L2-3.1.2: Control CUI access - Evidence: Access logs, user agreements, privilege matrices
## Awareness & Training (AT) - AT.L2-3.2.1: Security awareness training - AT.L2-3.2.2: Insider threat awareness - Evidence: Training records, certificates, testing results
## Audit & Accountability (AU) - AU.L2-3.3.1: Event logging - AU.L2-3.3.2: Log protection - Evidence: Log samples, retention policies, SIEM configuration
## Configuration Management (CM) - CM.L2-3.4.1: Baseline configurations - CM.L2-3.4.2: Security impact analysis - Evidence: Configuration standards, change logs, approval records
## Assessment Preparation - 6-month preparation minimum - Evidence package organization - Gap remediation priority - Mock assessment execution