Cross-Framework Mapping

CMMC 2.0vsCMMC 2.0 Level 1

See exactly how CMMC 2.0 controls map to CMMC 2.0 Level 1. Pre-computed mappings, identified gaps, and coverage analysis.

17
Controls Mapped
93
Gaps Found
15%
Coverage

According to the TheArtOfService Compliance Knowledge Graph:

CMMC 2.0 maps to CMMC 2.0 Level 1 with 15% coverage across 17 directly mapped controls. Analysis of 110 CMMC 2.0 controls identifies 93 compliance gaps — primarily concentrated in Access Control.

Source: TheArtOfService Knowledge Graph | 110 controls analysed | 723 frameworks | 332K+ cross-framework mappings

Control Mappings

Showing 17 of 17 mapped controls across 6 domains. Sign up to explore all 332K+ mappings across 723 frameworks.

Access Control(4 mappings)

AC.L2-3.1.1Authorized Access Control
AC.L1-3.1.1Authorized Access Control
AC.L2-3.1.2Transaction & Function Control
AC.L1-3.1.2Transaction and Function Control
AC.L2-3.1.20External Connections
AC.L1-3.1.20External Connections
AC.L2-3.1.22Control Public Information
AC.L1-3.1.22Control Public Information

Identification and Authentication(2 mappings)

IA.L2-3.5.1Identification
IA.L1-3.5.1Identification
IA.L2-3.5.2Authentication
IA.L1-3.5.2Authentication

Media Protection(1 mappings)

MP.L2-3.8.3Media Disposal
MP.L1-3.8.3Media Disposal

Physical Protection(4 mappings)

PE.L2-3.10.1Limit Physical Access
PE.L1-3.10.1Limit Physical Access
PE.L2-3.10.3Escort Visitors
PE.L1-3.10.3Escort Visitors
PE.L2-3.10.4Physical Access Logs
PE.L1-3.10.4Physical Access Logs
PE.L2-3.10.5Manage Physical Access
PE.L1-3.10.5Manage Physical Access

System and Communications Protection(2 mappings)

SC.L2-3.13.1Boundary Protection
SC.L1-3.13.1Boundary Protection
SC.L2-3.13.5Public-Access System Separation
SC.L1-3.13.5Public-Access System Separation

System and Information Integrity(4 mappings)

SI.L2-3.14.1Flaw Remediation
SI.L1-3.14.1Flaw Remediation
SI.L2-3.14.2Malicious Code Protection
SI.L1-3.14.2Malicious Code Protection
SI.L2-3.14.4Update Malicious Code Protection
SI.L1-3.14.4Update Malicious Code Protection
SI.L2-3.14.5System & File Scanning
SI.L1-3.14.5System and File Scanning

Stop Paying Consultants to Read Spreadsheets

AI-powered compliance intelligence across 723 frameworks — at a fraction of consulting costs.

$0/forever

Free

  • 723 framework browser
  • Cross-framework mappings (332K+)
  • 824 compliance assessments
  • 3 AI queries & searches per day
Get Started Free
Recommended
$49/month

Professional

  • Unlimited AI Compliance Advisory
  • Unlimited full-text search
  • Framework self-assessment
  • PDF, Excel & CSV exports
Start 7-Day Free Trial →

What are the key differences between CMMC 2.0 and CMMC 2.0 Level 1?

CMMC 2.0 has 110 controls across its framework, while CMMC 2.0 Level 1 covers 17 controls. Direct mapping analysis identifies 17 overlapping controls (15% coverage). The frameworks diverge most significantly in Access Control, where 18 CMMC 2.0 controls have no direct CMMC 2.0 Level 1 equivalent.

How many controls map between CMMC 2.0 and CMMC 2.0 Level 1?

Of 110 total CMMC 2.0 controls, 17 map directly to CMMC 2.0 Level 1 controls — representing 15% coverage. The remaining 93 controls represent compliance gaps requiring additional documentation or compensating controls to satisfy both frameworks simultaneously.

What are the compliance gaps when mapping CMMC 2.0 to CMMC 2.0 Level 1?

93 CMMC 2.0 controls have no direct equivalent in CMMC 2.0 Level 1. The highest concentration of gaps is in Access Control with 18 unmapped controls. These gaps represent areas where additional controls, policies, or documentation must be created to achieve compliance with both frameworks.

Which control domains have the most gaps between CMMC 2.0 and CMMC 2.0 Level 1?

The domain with the highest gap count is Access Control (18 gaps). Export the full domain-by-domain gap breakdown via the Professional tier to generate a prioritised remediation roadmap.

This platform provides educational compliance tools, not legal, regulatory, or professional compliance advice. Cross-framework mappings are AI-assisted interpretations and do not reproduce or replace official standards. Framework names and trademarks belong to their respective owners. Consult qualified professionals for your specific compliance requirements. See our Terms of Service.