🛡️ Free Tool · No account required

Know Your CMMC Readiness
in 3 Minutes

10 questions. Weighted scoring across every CMMC Level 2 domain. Your score, top gaps, and what to fix first — before your C3PAO assessment.

79,000+ contractors face Nov 2026 deadline
Results in <60 seconds
No account needed
Question 1 of 10
What type of Controlled Unclassified Information (CUI) does your organization handle?
Select all that apply. This determines your CMMC scope and applicable overlays.
Question 2 of 10
Does your organization have a documented System Security Plan (SSP)?
An SSP maps your IT environment to NIST 800-171 controls. Required for CMMC Level 2.
Question 3 of 10
How many of the 110 NIST 800-171 Rev 2 controls have you implemented?
Include controls marked as "implemented" in your SPRS self-assessment. Partial credit is scored separately.
55 / 110 controls
0 28 55 83 110
Question 4 of 10
Do you have a documented Incident Response (IR) plan?
IR.2.092–IR.2.093 require a written plan that is tested at least annually. Tabletop exercises count.
Question 5 of 10
Is your CUI environment segmented from general business networks?
SC.3.177 requires logical or physical separation of systems that process CUI from other networks.
Question 6 of 10
Is Multi-Factor Authentication (MFA) enforced on all CUI systems?
IA.3.083 requires MFA for privileged accounts and all remote access to CUI environments.
Question 7 of 10
When is your contract CMMC assessment deadline?
CMMC Level 2 required in all new DoD contracts by Nov 2026 (32 CFR Part 170). Check your contract DFARS clauses.
Question 8 of 10
Have you engaged a Certified Third-Party Assessment Organization (C3PAO)?
C3PAO assessment windows are booking out 4–8 months. Check authorized assessors at cyberAB.org.
Question 9 of 10
How many employees access CUI at your organization?
This affects your CUI boundary scope and assessment complexity. Include remote workers.
Question 10 of 10
What is your current SPRS (Supplier Performance Risk System) score?
DFARS 252.204-7019 requires DoD contractors to submit a SPRS score. Range is -203 to +110. Enter your score or click "I don't know."

out of 100

Calculating your score…

CMMC Level 2 required by November 2026 · 32 CFR Part 170

Your Top Priority Gaps

[AI-GENERATED / Self-Reported] This score is calculated from your self-reported answers and weighted against CMMC Level 2 / NIST 800-171 requirements. It is for informational purposes only and does not constitute a formal CMMC assessment. Actual certification requires a third-party assessment by an authorized C3PAO. Consult a Registered Practitioner Organization (RPO) before making compliance decisions. Last updated May 2026 per 32 CFR Part 170.