I've searched the group and elsewhere and seem to be finding conflicting and/or out-of-date information. My understanding is that CMMC Level 2 requires data to be kept on US based servers and only seen by staff that has passed a background check, so to me that indicates GCC-High. Am I correct, or would GCC suffice for level 2 compliance?