Stella Maris Governance LLC - CMMC Readiness Framework
Public CMMC Level 2 | NIST SP 800-171 | DFARS Readiness Artifacts
Overview
This repository contains the public CMMC readiness methodology, framework artifacts, and reference materials used by Stella Maris Governance LLC to support defense contractors preparing for CMMC Level 2 certification and DFARS compliance requirements.
All materials are aligned to:

- CMMC Level 2 (Cybersecurity Maturity Model Certification)
- NIST SP 800-171 Rev 2 (110 practices, 14 control families)
- DFARS 252.204-7012 / 7019 / 7020
- DOD CUI Registry / NARA CUI Categories

CMMC Level 2 - Control Family Coverage
| Domain | Control Family | Practices |
|---|---|---|
| AC | Access Control | 22 |
| AT | Awareness & Training | 3 |
| AU | Audit & Accountability | 9 |
| CM | Configuration Management | 9 |
| IA | Identification & Authentication | 11 |
| IR | Incident Response | 3 |
| MA | Maintenance | 6 |
| MP | Media Protection | 9 |
| PE | Physical Protection | 6 |
| PS | Personnel Security | 2 |
| RA | Risk Assessment | 3 |
| CA | Security Assessment | 4 |
| SC | System & Communications Protection | 16 |
| SI | System & Information Integrity | 7 |
| Total | 14 Families | 110 |
Framework Components
CUI Scoping
Methodology for identifying Controlled Unclassified Information (CUI) data flows, defining system boundaries, and establishing the assessment scope. Based on DOD CUI Registry categories and NARA CUI taxonomy.
SSP Framework
System Security Plan structure aligned to NIST SP 800-171 Rev 2 requirements. Includes practice implementation statements, responsible role mapping, and evidence artifact references.
POA&M Framework
Plan of Action & Milestones structure for tracking gap closure. Includes practice scoring methodology, milestone definition standards, and risk prioritization criteria.
Assessment Model
Gap analysis methodology for scoring all 110 practices. Includes evidence sufficiency criteria, MET/NOT MET determination standards, and assessor preparation guidance.
Repository Structure
/cmmc-overview - CMMC program overview and regulatory context
/control-mapping - NIST SP 800-171 control family reference mapping
/ssp-framework - System Security Plan structure and templates
/poam-framework - Plan of Action & Milestones framework
/scoping-guidance - CUI scoping methodology and boundary definition
/assessment-model - Gap analysis methodology and scoring framework
Scope
Materials in this repository are public, client-safe readiness artifacts demonstrating the firm's CMMC methodology. All content is sanitized and illustrative.
Exclusions
Client-specific SSPs, completed POA&Ms, active assessment workpapers, CUI system boundary documentation, and evidence packages are maintained in the firm's internal source control environment and are not published here.
Stella Maris Governance LLC - Governance, compliance, and operational discipline for high-trust defense environments.