Skip to content

Information

CMMC Information & Resources

Authoritative source documents for CMMC and the NIST publications it draws from. Each links to the canonical PDF used by assessors.

CMMC · Rev 2.13

CMMC Practices (v2.13)

Source · DoD CIO

NIST SP 800-171 · Rev 2

Protecting CUI in Nonfederal Systems

Source · NIST

NIST SP 800-171 · Rev 3

Protecting CUI in Nonfederal Systems (Revision 3)

Source · NIST

NIST SP 800-172 · Rev FINAL

Enhanced Security Requirements for Protecting CUI

Source · NIST

NIST SP 800-53 · Rev 4

Security and Privacy Controls (Revision 4)

Source · NIST

NIST SP 800-53 · Rev 5

Security and Privacy Controls (Revision 5)

Source · NIST

About this site

Expert CMMC is a free, public reference tool that cross-references the CMMC 2.13 practices against the NIST publications they're built on. It's intended for assessors, CMMC implementers, and any organization preparing for a CMMC assessment. It is independently maintained and is not affiliated with or endorsed by the U.S. Department of Defense, the Cyber AB, or NIST; always confirm against the official source documents linked above.

Contact

Questions, corrections, or feedback are welcome — email contact@expertcmmc.com.

Legal

Read our Privacy Policy and Terms of Use.