# CMMC Level 2: Here’s How Radiant Helps

For organizations moving from **CMMC Level 1 to Level 2**, the challenge shifts from basic cyber hygiene to proving that security operations are consistently executed and auditable over time. Level 2 introduces **110 NIST SP 800‑171–aligned controls** and a third‑party assessment, requiring teams to demonstrate centralized visibility, documented response workflows, and retained security evidence.

**Radiant Security helps teams make this transition** by centralizing security logs and alerts, enabling structured triage and response workflows, and preserving **customer‑owned, audit‑ready evidence** required for a successful Level 2 assessment.

## **Why Organizations Move to CMMC Level 2**

Organizations typically pursue CMMC Level 2 certification for one or more of the following reasons:

- **Handling Controlled Unclassified Information (CUI):** Contracts involving technical drawings, network architecture, vulnerability data, or sensitive program information require Level 2 compliance.
- **DoD Contract Requirements:** Level 2 certification is increasingly specified in DoD solicitations and RFPs, making compliance a condition for award.
- **Maintaining Eligibility in the Defense Supply Chain:** Prime contractors often require subcontractors to meet Level 2 requirements to remain part of the supply chain.
- **Competitive Differentiation:** Achieving Level 2 demonstrates mature, auditable security operations within the Defense Industrial Base.
- **Preparation for Future Contracts:** Organizations investing in long‑term growth in federal markets often proactively pursue Level 2 readiness.

## **How Radiant Supports CMMC Level 2 Readiness**

### **Centralized Logging & Visibility**

A unified view of security events, alerts, and logs from integrated tools to support investigations, incident response workflows, and audit requirements.

### **Bring Your Own Bucket (BYOB) Log Storage**

Security logs are stored in the customer’s own S3 bucket, providing full ownership, controlled retention, and audit‑ready access to evidence required for CMMC Level 2 assessments.

**Data retention policies**

Define granular retention policies for different types of data, including alerts (benign or malicious), incidents (true or false positives), and logs (event or raw logs).

### **Always‑Available Audit Logs**

Audit logs are continuously available and accessible through Radiant’s log manager, supporting ongoing review, incident reconstruction, and third‑party assessment needs.

### **Triage & Response Workflows**

Structured triage and investigation workflows aligned to incident response requirements, helping teams consistently analyze, document, and respond to security events surfaced by existing tools.

### **Audit‑Ready Evidence Generation**

Preserved logs, alerts, and incident records that demonstrate security controls are operating effectively over time – a core requirement for CMMC Level 2 assessments.

### **Self‑Reported Phishing Triage**

Automated, AI‑assisted triage of employee‑reported phishing emails to accelerate investigation and remediation of phishing and business email compromise (BEC) incidents.

## **CMMC Level 2 Control Areas Supported**

Radiant supports multiple **CMMC Level 2 / NIST SP 800‑171 control families** by enabling centralized evidence, operational consistency, and audit readiness:

- **Audit & Accountability (AU):** Centralized log management, controlled retention, and ongoing review of security events and audit records.
- **Incident Response (IR):** Incident triage, investigation workflows, documentation, and preserved response evidence.
- **System & Information Integrity (SI):** Visibility into security alerts and events from integrated tools, supporting investigation, validation, and false‑positive reduction.
- **Risk Management (RA):** Operational visibility into security events and incident patterns that inform ongoing risk evaluation and remediation prioritization.

## **Example NIST SP 800‑171 Control Mapping**

Radiant supports specific NIST SP 800‑171 practices underlying CMMC Level 2, including:

| NIST SP 800‑171 Control | Control Description | Supporting Radiant Feature |
| --- | --- | --- |
| AU‑2 | Create and retain system audit logs | Centralized logging with customer‑owned S3 retention; configurable data retention policies; platform user activity audit logs |
| AU‑6 | Review and analyze audit records | Unified visibility and platform audit logs accessible at all times |
| AU‑9 | Protect audit information from unauthorized access or modification | Customer‑controlled S3 storage |
| IR‑4 | Incident handling | Structured triage and documented response workflows |
| IR‑6 | Incident reporting | Preserved incident documentation and audit‑ready case records |
| SI‑4 | Monitor systems to detect potential security events | Surfaces only real threats from integrated security tools |

## **What Radiant Does – and Doesn’t Do**

### **Radiant Helps You:**

- Operationalize CMMC Level 2 security controls
- Centralize and retain audit‑ready security evidence
- Reduce manual SOC and compliance effort
- Standardize incident triage and response workflows

### **Radiant Does Not:**

- Guarantee CMMC certification on its own
- Replace required policies, procedures, or training
- Act as a certifying body or auditor
- Replace primary detection or prevention tools
- Cover all 110 CMMC Level 2 controls by itself

CMMC Level 2 compliance is a **shared responsibility** across people, process, and technology.
