This table shows the 18 compliance areas where CMMC 2.0 and DORA controls overlap. When you mark a control as implemented in either framework, Venvera automatically propagates the status to the equivalent control in the other.
| Compliance Area | CMMC 2.0 | DORA |
|---|---|---|
| Access Control | AC.L2-3.1.1, AC.L2-3.1.2 | ict-11 |
| Least Privilege | AC.L2-3.1.5, AC.L2-3.1.6 | ict-11 |
| Remote Access | AC.L2-3.1.12, AC.L2-3.1.14 | ict-09, ict-11 |
| Authentication & MFA | IA.L2-3.5.3, IA.L2-3.5.4 | ict-11 |
| Security Awareness & Training | AT.L2-3.2.1, AT.L2-3.2.2 | ict-18 |
| Audit Logging | AU.L2-3.3.1, AU.L2-3.3.2 | ict-14 |
| Configuration Management | CM.L2-3.4.1, CM.L2-3.4.2 | ict-04 |
| Change Control | CM.L2-3.4.3, CM.L2-3.4.4 | ict-13 |
| Incident Response | IR.L2-3.6.1, IR.L2-3.6.2 | inc-01 |
| Incident Reporting | IR.L2-3.6.3 | inc-05, inc-06 |
| Vulnerability Management | RA.L2-3.11.2, RA.L2-3.11.3 | ict-12 |
| Risk Assessment | RA.L2-3.11.1 | ict-07 |
| Security Assessment & Testing | CA.L2-3.12.1, CA.L2-3.12.3 | res-01 |
| Encryption | SC.L2-3.13.8, SC.L2-3.13.11 | ict-10 |
| Network Security | SC.L2-3.13.1, SC.L2-3.13.5 | ict-09 |
| Business Continuity | SC.L2-3.13.13 | ict-15 |
| Information Security Policy | CA.L2-3.12.4 | ict-08 |
| Third-Party Risk Management | CA.L2-3.12.4, SC.L2-3.13.6 | tpr-01 |
For details on how propagation works, thresholds, and the auto-mapped badge, see the Cross-Framework Control Propagation overview article.