CMMC Guide – CMMC 2.0 Levels

Free CMMC Consultation

SoundWay has been helping the U.S. Government and its business partners for over a decade. To schedule a free CMMC consultation, please contact us at

CMMC 2.0 Model Structure

Level 1:  Foundational

  • 17 Controls from NIST SP:800-171 (most current version)
  • General contracts that do NOT have any CUI
  • Estimated 120,000 companies

Level 2: Advanced

  • All 110 controls from SP:800-171
  • Contracts with DFARS Clause 252.254-7012 and/or Requirements for NIST SP:800-171
  • Estimated 80,000 companies

Level 3: Expert

  • 110 controls from SP:800-171 + All controls from NIST SP:800-172
  • Contracts that are generally specific to Space and Military applications (Supporting Space Force, SOCOM, PAYCOM, etc.)
  • Estimated 400-500 companies
CMMC 2 Levels

CMMC 2.0 Compliance Tools and Resources for DoD Contractors and their Subcontractors

Does your Business Require an Independent CMMC Certification?

Out of approximately 200,000 Government Contractors supporting the United States Government, it is estimated that 80,000 will require an Independent Verification and Validation of the CMMC standard. SoundWay’s CMMC Quiz rapidly identifies if you will require a Certified Third Party Assessor Organization (C3PAO) and what is your current readiness based on a score.

Download CMMC Checklist


The Cybersecurity Maturity Model Certification (CMMC) has recently changed and is subject to future changes. SoundWay has created a checklist for evaluating your organization’s readiness. This list also includes commonly asked questions about CMMC with answers at no charge.


Download Personnel Security Rubric

Download SoundWay’s Personnel Security Guidance Rubric; Assistance for CMMC Compliance. Our Personnel Security Guidance Rubric is a one-of-a-kind approach for objectively determining how an employee’s background may impact their employment and your business.