CMMC Assessment Tool
Contents
Instructions
The CMMC Assessment Tool was designed as an easy way to perform a self-assessment of the controls for Levels 1-3 of the Cybersecurity Maturity Model Certification (CMMC) DoD regulation.
The Assessment Tool is broken up into multiple sections, each representing one of the 17 domains (e.g., Access Control) as defined by CMMC Assessment Guide Version 1.10, as well as a Dashboard that provides an overall assessment of compliance. As the requirements for compliance are different for each of the levels, only the controls required for the specified Maturity Level will appear.
Each domain's section comprises a list of controls and their respective objectives, as listed in CMMC Assessment Guide Version 1.10. Each objective has two drop-down menus associated with it: Policy Defined and Control Implemented. The options in the lists are weighted to provide a more accurate representation of the progress made towards becoming compliant. The description for each option in those menus is listed below.
The Policy Defined menu presents the options corresponding to a written policy for its objective.
* No Policy: There is no policy in place, either written or oral.
* Informal Policy: There is an oral policy in place, but no written policy.
* Partially Written Policy: Only a partially written policy has been created.
* Written Policy: A written policy has been created, but it has not officially been approved.
* Approved Written Policy: A written policy has been created and officially been approved.
* N/A: The Policy for this objective is not applicable to the business.
The Control Implemented menu presents the options corresponding to implementation of the controls for its objective.
* Not Implemented: No control has been implemented.
* Partially Implemented: Only part of the Policy for this objective has been implemented.
* Implemented on Some: All parts of the Policy have been implemented, but only on some systems/areas.
* Implemented on Most: All parts of the Policy have been implemented on most systems/areas.
* Implemented on All: All parts of the Policy have been implemented on all systems/areas.
* N/A: The Policy for this objective is not applicable to the business.
In addition to assessing the completion of the CMMC controls and objectives, this tool also automatically calculates the SPRS score required to be submitted as part of DFARS Case 2019-D041 CMMC Interim Rule. The SPRS score is calculated based on the controls implemented and their associated point values, as determined by the NIST SP 800-171 DoD Assessment Methodology Version 1.2.
Please note that this is a self-assessment, and as such, you will not be compliant until a Certified CMMC Assessor has performed an audit on your environment and determined that all controls have been fully implemented.
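The SPRS calculation described above follows a deduction model: a fully implemented environment scores 110, and each requirement that is not met subtracts its point value. The sketch below is an added example, not the tool's own code; the function and table names are hypothetical, and the weight table is a small subset typed in for illustration that must be replaced with the full table from the DoD Assessment Methodology before real use.

```python
# Added example: deduction-based SPRS scoring (not the tool's own code).
MAX_SCORE = 110  # score when every requirement is implemented

# Constructed subset of the methodology's weight table (requirement -> points).
# Verify every value against the methodology document before relying on it.
SAMPLE_WEIGHTS = {
    "3.1.1": 5, "3.1.2": 5, "3.1.3": 1, "3.1.5": 3,
    "3.3.1": 5, "3.5.3": 5, "3.13.11": 5,
}

# The only two requirements with a reduced deduction for partial implementation
# (MFA for remote/privileged users only; encryption that is not FIPS-validated).
PARTIAL_DEDUCTION = {"3.5.3": 3, "3.13.11": 3}

# The system security plan carries no point value: without it, no score exists.
SSP_REQUIREMENT = "3.12.4"


def sprs_score(status, weights=SAMPLE_WEIGHTS):
    """Return the score for `status`, a map of requirement id to
    'met', 'partial' or 'not_met'. Requirements not listed count as met."""
    if status.get(SSP_REQUIREMENT, "met") != "met":
        raise ValueError("no system security plan: assessment cannot be scored")
    score = MAX_SCORE
    for req, state in status.items():
        if req == SSP_REQUIREMENT or state == "met":
            continue
        if state not in ("partial", "not_met"):
            raise ValueError(f"unknown status {state!r} for {req}")
        if req not in weights:
            raise KeyError(f"no weight loaded for requirement {req}")
        if state == "partial" and req in PARTIAL_DEDUCTION:
            score -= PARTIAL_DEDUCTION[req]
        else:
            # Everywhere else, partial implementation earns no credit.
            score -= weights[req]
    return score


# Constructed sample assessment: 110 - 5 - 5 - 1 - 3 = 96
SAMPLE_STATUS = {
    "3.1.1": "not_met",
    "3.1.2": "partial",   # scored as not met
    "3.1.3": "not_met",
    "3.5.3": "partial",   # reduced deduction applies
    "3.3.1": "met",
}

if __name__ == "__main__":
    print(sprs_score(SAMPLE_STATUS))
```

Because most requirements are scored as met or not met, an objective marked Partially Implemented or Implemented on Some can show progress on a dashboard while still costing the requirement's full point value in the SPRS score.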
Terms and Conditions
This tool is offered without warranty or guarantee as to its accuracy, as a useful – but not infallible – method for providing a self-assessment.
The Terms and Conditions set out below apply to the use of CMMC Assessment Tool. By using the CMMC Assessment Tool, you agree that you have read and accept these terms and conditions. If you do not agree to these Terms and Conditions, do not use the CMMC Assessment Tool.
Disclaimer
- All reasonable efforts were made to ensure that the information provided is free of errors and up to date, but it gives no guarantees as to the accuracy and completeness of that information or its fitness for any purpose whatsoever.
- Changes may be made to the material at any time without notice. Data and models may be out-of-date, and no commitment will be made to update it.
- The tool is provided ‘as is’, without any conditions, warranties or other terms of any kind. Accordingly, to the maximum extent permitted by law, you are provided with the tool on the basis that excludes all representations, warranties, conditions, and other terms for which this legal notice might have effect in relation with the tool.
Liability
- No liability will be accepted for any loss or damage arising from the use of the tool.
- All liability and responsibility will be excluded for any amount or kind of loss and damage that may result to you or a third party (including without limitation, any direct, indirect, punitive, or consequential loss or damages), or loss of income, profits, goodwill, time, data, contracts, use of money, or loss or damages from or connected in any way to business interruption, and whether in tort (including, without limitation, negligence), contract, or otherwise in connection with the use, or inability to use, the results of the CMMC Assessment Tool, including but not limited to loss or damage due to viruses that may infect your computer equipment, software, data, or other property on account of your downloading and use of the CMMC Assessment Tool.
- Nothing in these terms and conditions shall exclude or limit liability for:
  - death or personal injury caused by negligence;
  - fraud; and
  - any liability, which cannot be excluded or limited under applicable law.