CMMC Level 3 is for CUI- Controlled Unclassified Information utilized by high priority contractors only.
The DoD requires DIB Contractors to submit to an assessment conducted by the Federal Government for 110 + "Delta 20" Security Practices.
Level 3 of CMMC draws guidance from NIST SP 800-172: protecting Controlled Unclassified Information in Nonfederal Systems and Organizations of the highest priority to national
defense and security.
The Level 3 Model is still being developed and assessments will be on a triannual basis lead by Government Inspectors. Level 3 provides federal agencies with a set of enhanced security requirements for protecting the confidentiality, integrity,
and availability of controlled unclassified information (CUI) in nonfederal systems and organizations from the advanced persistent threat when the CUI is associated with a critical program or high value asset.
