Cyber AB CMMC-CCP Exam - Topic 3 Question 1 Discussion

Actual exam question for Cyber AB's CMMC-CCP exam
Question #: 1
Topic #: 3

When scoping a Level 2 assessment, which document is useful for understanding the process to successfully implement practices required for the various Levels of CMMC?

Suggested Answer: C

CMMC 2.0 Level 2 is directly aligned with NIST Special Publication (SP) 800-171, 'Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations.' Organizations seeking certification (OSC) at Level 2 must demonstrate compliance with the 110 security requirements specified in NIST SP 800-171, as mandated by DFARS 252.204-7012.

Why NIST SP 800-171 is Essential for Level 2 Scoping:

Defines the Security Requirements for Protecting CUI:

NIST SP 800-171 outlines 110 security controls that contractors must implement to protect Controlled Unclassified Information (CUI) in nonfederal systems.

These controls are categorized under 14 families, including access control, incident response, and risk management.

Establishes the Baseline for CMMC Level 2 Compliance:

CMMC 2.0 Level 2 assessments are entirely based on NIST SP 800-171 requirements.

Every practice assessed in a Level 2 certification maps directly to a requirement from NIST SP 800-171 Rev. 2.

Provides Guidance for Implementation & Assessment:

The NIST SP 800-171A 'Assessment Guide' provides detailed assessment objectives that guide OSCs in preparing for CMMC evaluations.

It helps define the scope of an assessment by clarifying how each control should be implemented and verified.

Referenced in CMMC and DFARS Regulations:

DFARS 252.204-7012 requires contractors to implement NIST SP 800-171 security requirements.

The CMMC 2.0 Level 2 model directly incorporates all 110 requirements from NIST SP 800-171, ensuring consistency with DoD cybersecurity expectations.

Explanation of Incorrect Answers:

A. NIST SP 800-53 ('Security and Privacy Controls for Federal Information Systems and Organizations')

This document applies to federal systems, not nonfederal entities handling CUI.

While it is the foundation for other security standards, it is not the basis of CMMC Level 2 assessments.

B. NIST SP 800-88 ('Guidelines for Media Sanitization')

This document focuses on secure data destruction and media sanitization techniques.

While data disposal is important, this standard does not define security controls for protecting CUI.

D. NIST SP 800-172 ('Enhanced Security Requirements for Protecting CUI')

This document builds on NIST SP 800-171 and applies to systems needing advanced cybersecurity protections (e.g., targeting Advanced Persistent Threats).

It is not required for standard CMMC Level 2 assessments, which only mandate NIST SP 800-171 compliance.

Key Reference for CMMC Level 2 Scoping:

NIST SP 800-171 Rev. 2 (NIST Official Site)

NIST SP 800-171A (Assessment Guide) (NIST Official Site)

CMMC 2.0 Level 2 Scoping Guide (Cyber AB)

Conclusion:

Since CMMC 2.0 Level 2 assessments are based entirely on NIST SP 800-171, this document is the most relevant resource for scoping Level 2 assessments. Therefore, the correct answer is:

C. NIST SP 800-171


Contribute your Thoughts:

Carrol
2 months ago
Surprised people still mix these up!
upvoted 0 times
...
Major
2 months ago
I thought 800-172 was the latest one?
upvoted 0 times
...
Samira
2 months ago
Wait, isn't 800-53 also relevant?
upvoted 0 times
...
Miesha
3 months ago
Gotta be NIST SP 800-171 for CMMC Level 2.
upvoted 0 times
...
Shonda
3 months ago
Totally agree, 800-171 is the go-to!
upvoted 0 times
...
Truman
3 months ago
I feel like NIST SP 800-88 is more about media sanitization, so I don't think it fits here. But I could be wrong!
upvoted 0 times
...
Lauran
3 months ago
I practiced a similar question, and I believe NIST SP 800-171 was mentioned as a key document for CMMC compliance.
upvoted 0 times
...
Erick
4 months ago
I'm not entirely sure, but I remember that NIST SP 800-53 covers a broader range of security controls. Could it be useful for Level 2 assessments?
upvoted 0 times
...
Pamella
4 months ago
I think NIST SP 800-171 might be the right choice since it specifically addresses protecting controlled unclassified information, which is relevant for CMMC.
upvoted 0 times
...
Virgie
4 months ago
I feel pretty good about this question. The NIST SP 800-171 guidance is key for navigating the CMMC requirements, so that's my pick.
upvoted 0 times
...
Hobert
4 months ago
Okay, I've got a strategy - I'm going to carefully read through the CMMC documentation and compare it to the NIST SP options to figure out which one is most useful for scoping a Level 2 assessment.
upvoted 0 times
...
Bettina
4 months ago
The NIST SP 800-171 document seems like the most relevant one for understanding the CMMC implementation process. I'll focus on that one.
upvoted 0 times
...
Lili
4 months ago
Hmm, I'm not totally sure about this one. I'll have to review the CMMC documentation again to be confident in my answer.
upvoted 0 times
...
Annmarie
5 months ago
I think the answer is C) NIST SP 800-171. That document covers the practices required for the different CMMC levels.
upvoted 0 times
...
