We're a small business working towards CMMC level 2. We've recently moved over to GCC High, and have been working through the Microsoft Purview Compliance Manager Base Data Protection Assessment to get the correct controls in place.
Would we be better off basing our configurations on the CMMC 2 template, or the NIST 800-171 template? Looks like the CMMC templates are included with GCC High, but we'd have to pay for the premium NIST 800-171 template. I realize that the NIST 800-171r2 is what the CMMC 2.0 rules will be based on, but are the assessment templates different enough that it would be worth the cost of using the NIST 800-171 template?