How many controls are there in CMMC Level 2?

CMMC Level 2 contains 72 total practices. However, it is important to delve into the specific count of controls, as these are divided into different categories. For Level 2, the framework builds upon the foundation of Level 1 and introduces additional practices that help organizations to not only protect Controlled Unclassified Information (CUI) but also to enhance their overall cybersecurity posture.

The correct count reflects the efforts to implement comprehensive security measures that comply with various regulations, including the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS). By achieving familiarity with the number of controls, an organization can gauge its readiness and identify gaps in its cybersecurity efforts when preparing for assessments.

While the other choices present differing numbers, the adoption of 72 practices at Level 2 aligns with the structured progression found in the CMMC model. Understanding this helps in recognizing the complexity and demands placed upon organizations striving for compliance, particularly as they transition from Level 1 to Level 2, ensuring that they meet the necessary requirements to safeguard sensitive information effectively.