CMMC Level 2 Assessment Guide
Comprehensive reference for C3PAOs conducting Level 2 assessments, including evidence expectations and scoring criteria.
v2.13 C3PAOs PDF Updated May 12, 2026
DownloadEngagement Resources
Guidance & Tools
Implementation and assessment guidance for CMMC and SCF stakeholders navigating the cybersecurity conformity ecosystem.
C3PAO Application Requirements
Eligibility criteria, organizational prerequisites, and documentation requirements for new C3PAO applicants.
v1.8 Applicants PDF Updated Apr 28, 2026DownloadEvidence Collection and Handling Procedures
Standards for collecting, storing, and reviewing assessment evidence in accordance with CMMC program requirements.
v3.1 C3PAOs PDF Updated Apr 15, 2026DownloadAccreditation Renewal Pathway
Step-by-step guidance for organizations approaching renewal, including timelines, required artifacts, and review milestones.
v2.0 Accredited Orgs PDF Updated Mar 30, 2026DownloadAssessment Scoping Methodology
Framework for defining assessment boundaries, identifying in-scope assets, and documenting scope decisions.
v1.5 C3PAOs PDF Updated Mar 18, 2026DownloadPOA&M Documentation Requirements
Guidance on creating, maintaining, and closing Plans of Action and Milestones during and after assessments.
v1.2 All Participants PDF Updated Feb 22, 2026DownloadAssessor Qualification Standards
Minimum qualifications, continuing education requirements, and conflict-of-interest rules for CMMC assessors.
v2.4 Assessors PDF Updated Feb 10, 2026DownloadSPRS Score Reporting Guide
Instructions for submitting and updating Supplier Performance Risk System scores following a CMMC assessment.
v1.0 DIB Contractors PDF Updated Jan 28, 2026Download