CMMC

Josef Kamara, CPA, CISSP, CISA · Updated May 6, 2026 · 1 minute read

NIST SP 800-171 Revision 2

NIST Special Publication 800-171 Revision 2 defines 110 security requirements across 14 control families for protecting Controlled Unclassified Information in nonfederal systems. It is the technical baseline for CMMC Level 2 and the operational requirement embedded in DFARS 252.204-7012. Revision 3, published May 2024, restructures the catalog and is expected to replace Revision 2 in the CMMC ruleset on a future timeline DoD has not yet committed to.

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.