This table shows the 16 compliance areas where CMMC 2.0 and NIS2 controls overlap. When you mark a control as implemented in either framework, Venvera automatically propagates the status to the equivalent control in the other.
| Compliance Area | CMMC 2.0 | NIS2 |
|---|---|---|
| Access Control | AC.L2-3.1.1, AC.L2-3.1.2 | nis2-hr-02 |
| Privileged Access | AC.L2-3.1.5, AC.L2-3.1.6 | nis2-hr-04 |
| Authentication & MFA | IA.L2-3.5.3, IA.L2-3.5.4 | nis2-mf-01 |
| Security Awareness & Training | AT.L2-3.2.1, AT.L2-3.2.2 | nis2-ch-02 |
| Audit Logging | AU.L2-3.3.1, AU.L2-3.3.2 | nis2-ea-02 |
| Configuration Management | CM.L2-3.4.1, CM.L2-3.4.2 | nis2-ss-04 |
| Change Control | CM.L2-3.4.3, CM.L2-3.4.4 | nis2-ss-04 |
| Incident Response | IR.L2-3.6.1, IR.L2-3.6.2 | nis2-ih-01 |
| Incident Reporting | IR.L2-3.6.3 | nis2-ih-02 |
| Vulnerability Management | RA.L2-3.11.2, RA.L2-3.11.3 | nis2-ss-02 |
| Risk Assessment | RA.L2-3.11.1 | nis2-ra-02, nis2-ra-03 |
| Security Assessment & Testing | CA.L2-3.12.1, CA.L2-3.12.3 | nis2-ea-01 |
| Encryption | SC.L2-3.13.8, SC.L2-3.13.11 | nis2-cr-01 |
| Network Security | SC.L2-3.13.1, SC.L2-3.13.5 | nis2-ch-01 |
| Business Continuity | SC.L2-3.13.13 | nis2-bc-01 |
| Supply Chain Security | CA.L2-3.12.4, SC.L2-3.13.6 | nis2-sc-01, nis2-sc-02 |
For details on how propagation works, thresholds, and the auto-mapped badge, see the Cross-Framework Control Propagation overview article.