Cybersecurity Maturity Model Certification (CMMC) Version 2.13, published in September 2024, provides the detailed implementation guidance for the CMMC 2.0 framework. While CMMC 2.0 defines the overall structure, maturity levels, and objectives for protecting sensitive information, Version 2.13 specifies how these requirements are applied in practice. CMMC 2.13 aligns closely with FAR 52.204-21 (basic safeguarding), NIST SP 800-171 Rev 2 (CUI protection), and selected controls from NIST SP 800-172 (enhanced security). This ensures organizations implement the right controls based on the sensitivity of the information they manage.
