This table shows the 12 compliance areas where CMMC 2.0 and GDPR controls overlap. When you mark a control as implemented in either framework, Venvera automatically propagates the status to the equivalent control in the other.

| Compliance Area | CMMC 2.0 | GDPR |
|---|---|---|
| Access Control | AC.L2-3.1.1, AC.L2-3.1.2 | gdpr-se-05 |
| Least Privilege | AC.L2-3.1.5, AC.L2-3.1.6 | gdpr-se-05 |
| Authentication & MFA | IA.L2-3.5.3, IA.L2-3.5.4 | gdpr-se-05 |
| Audit Logging | AU.L2-3.3.1, AU.L2-3.3.2 | gdpr-se-02 |
| Encryption (Data at Rest) | SC.L2-3.13.11, MP.L2-3.8.6 | gdpr-se-04 |
| Encryption (Data in Transit) | SC.L2-3.13.8 | gdpr-se-04 |
| Media Sanitization | MP.L2-3.8.3 | gdpr-se-04, gdpr-pr-05 |
| Incident Response | IR.L2-3.6.1, IR.L2-3.6.2 | gdpr-bn-01 |
| Incident & Breach Reporting | IR.L2-3.6.3 | gdpr-bn-02, gdpr-bn-04 |
| Risk Assessment | RA.L2-3.11.1 | gdpr-se-02 |
| Security Testing | CA.L2-3.12.1, CA.L2-3.12.3 | gdpr-se-02 |
| Supplier Contracts | CA.L2-3.12.4, SC.L2-3.13.6 | gdpr-cp-04 |

For details on how propagation works, thresholds, and the auto-mapped badge, see the Cross-Framework Control Propagation overview article.