The Cybersecurity Maturity Model Certification (CMMC) consists of five levels, with Level 1 the most common with 17 practice requirements, and Level 5 the most restricted with 171 practice requirements. For levels 2 and above, there is a requirement for a system security plan and to demonstrate the institutionalization of practice requirements.