Get compliant
Menu

Day: April 16, 2026

NIST 800-171 Rev 3 Is Here, so Why Is CMMC Still on Rev 2?

NIST SP 800-171 Revision 3 has been published for nearly two years. The DoD has released its Organization-Defined Parameters for Rev 3. DFARS clause 252.204-7012 tells contractors to implement the “most current version” of 800-171. And yet every CMMC Level 2 assessment happening right now is evaluated against Revision 2. If you’re a DIB contractor […]

CMMC Level 1 Requires 17 Safeguards 15 Controls

The official FAR clause lists 15 safeguards, but CMMC documentation often references 17 practices. Here is why: 

CMMC inherited the DoD’s earlier mapping from the DFARS 252.204-21 “Basic Safeguarding” table, where two of the FAR requirements were split into multiple CMMC practice IDs during modeling. They are not additional requirements—just a structural carryover from the original DoD-to-NIST mapping exercise.