TheCMMC Model consists of 14 domains, which are based on theNIST SP 800-171 control familieswith additional cybersecurity practices.
Eachdomaincontainspractices and processesthat define cybersecurity requirements for organizations seeking CMMC certification.
[Reference:, CMMC 2.0 Model Documentation, NIST SP 800-171 Framework, Step 2: List of 14 CMMC DomainsAccess Control (AC), Asset Management (AM)(Introduced in CMMC 2.0 for scoping guidance), Audit and Accountability (AU), Awareness and Training (AT), Configuration Management (CM), Identification and Authentication (IA), Incident Response (IR), Maintenance (MA), Media Protection (MP), Personnel Security (PS), Physical Protection (PE), Risk Management (RM), Security Assessment (CA), System and Communications Protection (SC), Step 3: Why Other Answer Choices Are IncorrectB. 43 domains (Incorrect):, The CMMC model does not have43 domains; this number is incorrect., C. 72 domains (Incorrect):, There are72 practices in CMMC Level 2, but not72 domains., D. 110 domains (Incorrect):, 110 refers to the number of security controls in NIST SP 800-171, which aligns withCMMC Level 2, but these are controls, not domains., Final Confirmation of Correct Answer:The CMMC Model consists of 14 domains based on NIST SP 800-171 control families., Thus, the correct answer is:A. 14 domains, , , ]
