Start Free Trial
Home/Regulations/CMMC — Cybersecurity Maturity Model Certification — Regulatory Reference
Regulatory Reference
Manufacturing Federal (US) critical

CMMC — Cybersecurity Maturity Model Certification — Regulatory Reference

CUI protection for DOD contractors — access logging, encryption, and audit trail required for AI agents accessing controlled data.

Key Provisions
  • CMMC 2.0 — Levels 1, 2, and 3
  • Maps to NIST SP 800-171 (Level 2) and NIST SP 800-172 (Level 3)
  • Access control, audit accountability, identification and authentication families
  • Final rule effective 16 December 2024; phased contract inclusion
How AutoPIL Enforces It
  • CUI classified at HIGH sensitivity; CUI Specified at CRITICAL
  • Audit chain implements 800-171 §3.3 audit and accountability family
  • Agent registry implements identification and authentication for non-human accounts
Policy EngineAudit LogSensitivity LabelsAgent RegistryKey ScopingAlert Rules
AutoPIL Policy IDs
MFG-CMMC-AC-001CUI Access Control for AI Agents
MFG-CMMC-AU-001AI Agent Audit and Accountability
Official Sources
https://dodcio.defense.gov/CMMC/https://www.acq.osd.mil/cmmc/

This page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.

AutoPIL Governance Platform

Enforce this regulation today

AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.

Start Free Trial View All Industries