Level 3 [Expert]: Applicable to defense or aerospace contractors bidding on DoD contracts handling Critical CUI. Level 3 security requirements are expected to contain a subset of NIST SP 800-172. If the DFARS 252.204- 7012 requirement is in your current contracts and you have had a DIBCAC assessment, you are most likely in the Level 3 category