Skip to main content
FIELD REPORT · COMPLIANCE

CMMC Level 2 Compliance: Complete Implementation Checklist

Comprehensive CMMC Level 2 checklist with 110 controls, evidence requirements, and assessment preparation strategies.

PUBLISHED
September 17, 2025
READ TIME
1 MIN
AUTHOR
ONE FREQUENCY

CMMC Level 2 certification is mandatory for DoD contractors by 2025. This checklist ensures complete preparation.

Access Control (AC)

  • AC.L2-3.1.1: Limit system access
  • AC.L2-3.1.2: Control CUI access
  • Evidence: Access logs, user agreements, privilege matrices

Awareness & Training (AT)

  • AT.L2-3.2.1: Security awareness training
  • AT.L2-3.2.2: Insider threat awareness
  • Evidence: Training records, certificates, testing results

Audit & Accountability (AU)

  • AU.L2-3.3.1: Event logging
  • AU.L2-3.3.2: Log protection
  • Evidence: Log samples, retention policies, SIEM configuration

Configuration Management (CM)

  • CM.L2-3.4.1: Baseline configurations
  • CM.L2-3.4.2: Security impact analysis
  • Evidence: Configuration standards, change logs, approval records

Assessment Preparation

  • 6-month preparation minimum
  • Evidence package organization
  • Gap remediation priority
  • Mock assessment execution
View All Insights
NEXT STEP

Ready to ship the next outcome?

One Frequency Consulting brings 25+ years of technology leadership and military discipline to every engagement. First call is operator-grade scoping — sixty minutes, no charge.

Brief usCase studies