πŸ•ΈοΈ Ada Research Browser

phase2-complete.md
Homeβ€ΊResearch Reportsβ€Ίphase2-complete.md
← Back

CMMC Repo Research β€” Phase 2 Complete

Completed: 2026-03-11

Summary

Phase 2 extended the CMMC repository research collection from 26 repos to 50 downloaded (56 in inventory including skipped).

What Was Done

Step 1: Downloaded 20 new repos from Sean's list

Step 2: GitHub API searches

Ran 4 searches (cmmc+2.0+compliance+tracker, nist+800-171+assessment, cmmc+ssp+template, cmmc+poam). No new repos surfaced beyond what was already in the collection. Top results were all already downloaded.

Bonus downloads from search results: - mattj23/cmmc-gen-model (5 stars β€” highly useful) - sean-m-sweeney/GoogleWorkspaceAudit (Claude MCP audit tool) - dylan-security-journey/nist-800-171-assessment-simulation (SSP/POA&M example) - kaustuvdutta/CMMC-Level-3-Assessment-of-a-Client (assessment case study)

Step 3: Extracted all 24 new zips

All extracted to extracted/ directory.

Step 4: Wrote scan notes

24 scan notes written to scan-notes/ covering all new repos.

Step 5: Updated report.md and inventory.json

Top Phase 2 Finds

Repo Why It Matters
mattj23/cmmc-gen-model Python β†’ structured CMMC+NIST+OSCAL data model from authoritative sources
TEKIMAX/cmmc-level-1-compliance Production React app for CMMC L1, AI chat, self-hosted
morbidsteve/sre-platform Compliance-ready K8s (16 components), has Proxmox getting-started guide
stella-maris-governance/* (3 repos) Real SDVOSB advisory firm's templates + methodology + C-SCRM framework
sean-m-sweeney/GoogleWorkspaceAudit Claude MCP + Google Workspace = automated CMMC compliance checks
capetron IR repos (3) Incident response templates + training materials for CMMC IR/AT domains

Notable Gap Filled

Supply Chain Risk (SR domain) β€” smg-supply-chain-risk-governance covers C-SCRM / NIST 800-161, which had almost no representation in Phase 1.

Files Changed