CMMC 2.0 is the latest version and contains 14 domains. Within those domains are 110 security controls, which lead to 320 objectives. These are detailed in the National Institute of Science and Technology (NIST) publication 800-171. Companies in the Defense Industrial Base are most likely already practicing many of these controls, but probably not all of them, and probably not to the depth or detail required by the NIST guidelines.

The 14 domains are as follows:

Access Control (AC)

Audit and Accountability (AU)

Awareness and Training (AT)

Configuration Management (CM)

Identification and Authentication (IA)

Incident Response (IR)

Maintenance (MA)

Media Protection (MP)

Personnel Security (PS)

Physical Protection (PE)

Risk Management (RM)

Security Assessment (CA)

Systems and Communications Protection (SC)

System and Information Integrity (SI)

