CMMC 2.0 Level 1 and Level 2 certification documentation templates for small business: Deep Research Report
Generated: 2026-03-07 12:51 UTC | Run: cmmc-templates-v2 | Sources: 79 | Workers: 5
Executive Summary
[To be filled in by the synthesizing agent or manually]
Top Sources (Quality Ranked)
- [5/5] CMMC Assessment Guide Level 2 v2.13 - DoD CIO (worker: academic)
- [5/5] CMMC Self-Assessment Guide Level 1 v2.0 - DoD CIO (worker: academic)
- [5/5] NIST SSP Template for 800-171 (CMMC Level 2) (worker: academic)
- [5/5] NIST POAM Template for 800-171 (CMMC Level 2) (worker: academic)
- [5/5] DoD CIO - CMMC Resources & Documentation (worker: academic)
- [5/5] NIST MEP - Cybersecurity Services for Manufacturers (worker: academic)
- [5/5] NIST Handbook 162 - MEP Cybersecurity Self-Assessment Handbook (worker: academic)
- [5/5] NIST MEP - Compliance with Cybersecurity Laws and Regulations (worker: academic)
- [5/5] CMU CMMC v2 Level 2 SSP Template (Direct Download) (worker: community)
- [5/5] NIST CUI SSP Template (Direct Download) (worker: community)
- [5/5] NIST SP 800-171 POA&M Template (Direct Download) (worker: community)
- [5/5] CMMC Resources & Documentation - DoD CIO (worker: gov)
- [5/5] CMMC Assessment Guide β Level 1 (Current v2.13) (worker: gov)
- [5/5] CMMC Assessment Guide β Level 1 v2.13 (worker: gov)
- [5/5] CMMC Assessment Guide β Level 2 (Current) (worker: gov)
Full Worker Results
Worker: academic
CMMC 2.0 Templates Research - Academic/Nonprofit/DIB Domain
Worker: academic | Started: 2026-03-07T12:41:00Z
[4/5] CMU SSP Template - CMMC v2 Level 2
- Type: university
- Relevance: Carnegie Mellon University provides a CMMC v2 Level 2 SSP template as a direct .docx download
- Key findings:
- Direct SSP template for CMMC v2 Level 2 from CMU ISO
- Part of CMU's NIST 800-171 compliance resources
- Direct downloads: https://www.cmu.edu/iso/compliance/800-171/cmu-ssp-template-cmmcv2lvl2.docx
- Fetched: 2026-03-07T12:41:30Z (binary skip)
[4/5] CMU SSP Template - CMMC Level 3
- Type: university
- Relevance: CMU also provides a CMMC Level 3 SSP template
- Key findings:
- Direct SSP template for CMMC Level 3 from CMU ISO
- Direct downloads: https://www.cmu.edu/iso/compliance/800-171/cmu-ssp-template-cmmc-lvl3.docx
- Fetched: 2026-03-07T12:41:30Z (binary skip)
[4/5] CMU SSP Template (General)
- Type: university
- Relevance: General CMU SSP template for NIST 800-171/CMMC compliance
- Key findings:
- General-purpose SSP template from CMU ISO
- Direct downloads: https://www.cmu.edu/iso/compliance/800-171/CMU%20SSP%20Template.docx
- Fetched: 2026-03-07T12:41:30Z (binary skip)
[4/5] CMMC Level 1 System Security Plan Template - University of Washington
- Type: university
- Relevance: University of Washington IT provides a CMMC Level 1 SSP template as a direct .docx download
- Key findings:
- Free CMMC Level 1 SSP template from UW
- Updated January 2024
- Direct downloads: https://it.uw.edu/wp-content/uploads/2024/01/CMMC_Level_1_Template.docx
- Fetched: 2026-03-07T12:41:30Z (binary skip)
[2/5] CMMC Compliance Essentials Webinar - Schoolcraft College APEX Accelerator
- Type: university/nonprofit (APEX Accelerator = PTAC)
- Relevance: Schoolcraft College APEX Accelerator hosts CMMC webinar with SSP template review
- Key findings:
- APEX Accelerator (formerly PTAC) at Schoolcraft College
- Webinar reviews SSP templates for CMMC certification
- Hosted with Meerkat Cyber
- Direct downloads: none (event page)
- Fetched: 2026-03-07T12:41:30Z (pending fetch)
[4/5] CMU ISO - NIST 800-171 / CMMC Compliance Resources
- Type: university
- Relevance: CMU Information Security Office hosts multiple SSP templates for CMMC compliance, freely available
- Key findings:
- Offers "CMU System Security Plan Template - CMMCv2 v1.1" (latest)
- Also provides "Revision 3 System Security Plan Template"
- Templates can be used/modified without warranties or guarantees
- Last updated: 11/19/2024
- Also links to NIST SP 800-171 r2 and r3 official docs
- Direct downloads: https://www.cmu.edu/iso/compliance/800-171/cmu-ssp-template-cmmcv2lvl2.docx
- Fetched: 2026-03-07T12:42:00Z
[4/5] Free CMMC Resource Kit - Indiana APEX Accelerator
- Type: nonprofit (APEX Accelerator / PTAC successor)
- Relevance: Indiana APEX Accelerator highlights free CMMC resources including Project Spectrum for small/medium DIB businesses
- Key findings:
- Points to Project Spectrum (DoD initiative) for free CMMC Level 1, 2, & 3 courses
- Free CMMC Level 1 & 2 assessments available at projectspectrum.io
- Free Cyber Advisor support via support@projectspectrum.io
- DFARS rule live; Phase 1 began November 10, 2025
- APEX Accelerators are DoD-funded assistance centers (free to businesses)
- Direct downloads: none (links out to projectspectrum.io)
- Fetched: 2026-03-07T12:43:00Z
[4/5] CMMC Resources - Maryland APEX Accelerator
- Type: nonprofit (APEX Accelerator)
- Relevance: Maryland APEX Accelerator curated CMMC resource list including financial assistance programs and free tools
- Key findings:
- Maryland DCAP: funded SSP development + POAM creation for MD manufacturers via Maryland MEP
- JHU Applied Physics Laboratory provides government CMMC resource collection
- CMMC Information Institute: free and affordable templates, training videos for small businesses
- Project Spectrum: free readiness assessments and training for SMBs
- Defense Acquisition University (DAU): free/low-cost training for DoD contractors
- Buy Maryland Cybersecurity Tax Credit: up to $50K annually for cybersecurity purchases
- Downloadable resource list available (PDF/doc)
- Direct downloads: https://www.marylandapex.org/cmmcresources (download link for resource list mentioned)
- Fetched: 2026-03-07T12:43:30Z
[5/5] CMMC Assessment Guide Level 2 v2.13 - DoD CIO
- Type: official doc (DoD)
- Relevance: Official DoD CMMC Level 2 Assessment Guide, the authoritative reference for Level 2 certification
- Key findings:
- Official assessment criteria for CMMC Level 2
- Applies to organizations handling CUI
- Direct PDF download from dodcio.defense.gov
- Direct downloads: https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL2v2.pdf
- Fetched: 2026-03-07T12:44:00Z (binary skip)
[5/5] CMMC Self-Assessment Guide Level 1 v2.0 - DoD CIO
- Type: official doc (DoD)
- Relevance: Official DoD CMMC Level 1 Self-Assessment Guide, required reference for self-certification
- Key findings:
- Covers 15 basic safeguarding requirements (FAR Clause 52.204-21)
- Designed for self-assessment; no third-party assessor required for Level 1
- Free PDF download
- Direct downloads: https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level1_V2.0_FinalDraft_20211210_508.pdf
- Fetched: 2026-03-07T12:44:00Z (binary skip)
[3/5] CMMC Toolkit Wiki - Level 1 Self-Assessment Guide
- Type: nonprofit/community (CMMC Toolkit Wiki)
- Relevance: Community wiki version of DoD CMMC Level 1 Self-Assessment Guide with all 15 control descriptions
- Key findings:
- Based on official CMMC Level 1 Self-Assessment Guide v2.13 (September 2024)
- Covers all 15 Level 1 requirements across AC, IA, MP, PE, SC, SI domains
- Free, navigable web format β easier to read than PDF
- Links to Level 2 and Level 3 assessment guides
- DISTRIBUTION STATEMENT A β approved for public release
- Direct downloads: none (wiki page)
- Fetched: 2026-03-07T12:44:30Z
[4/5] Project Spectrum - DoD Free CMMC Resources
- Type: official nonprofit (DoD-funded initiative)
- Relevance: DoD Project Spectrum provides free CMMC training, assessments, and advisor support for small/medium DIB businesses
- Key findings:
- Free CMMC Level 1, 2, & 3 online courses
- Free CMMC Level 1 & 2 self-assessments
- Free Cyber Advisor consultations
- Targeted at small and medium-sized DIB businesses
- Phase 1 CMMC implementation began November 10, 2025
- Direct downloads: none (account registration required β free)
- Fetched: 2026-03-07T12:44:30Z (JS-rendered, limited data)
[3/5] CMMC Policy Templates & Tools - CMMCAudit.org
- Type: nonprofit/community (CMMC practitioner community)
- Relevance: Comprehensive curated list of free and paid CMMC policy templates and tools with independent reviews
- Key findings:
- NIST SSP Template (free, official): https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-SSP-Template-final.docx
- NIST POAM Template (free, official): https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-Plan-of-Action-Template-final.docx
- SERDP/ESTCP DoD Environmental Research Programs: ~20 free downloadable policy/procedure templates in .docx
- SANS Institute free security policies (not CMMC-specific, need adaptation)
- StateRAMP policy templates (FedRAMP-level, overkill for CMMC)
- Regulatedresearch.org SSP (free for .edu emails): 42 NIST 800-171/CMMC Level 2 control responses
- Updated: October 24, 2024
- Direct downloads: https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-SSP-Template-final.docx
- Fetched: 2026-03-07T12:45:00Z
[4/5] Regulated Research Community of Practice - SSP Resource
- Type: university/nonprofit (research university community)
- Relevance: University-community-developed SSP with 42 NIST 800-171/CMMC Level 2 control responses, free for .edu email holders
- Key findings:
- Created by national experts from 50+ universities (CMU, Auburn, Case Western, Purdue, etc.)
- Documents consensus implementation strategies for 42 selected controls
- Full-day workshop output β practical, real-world SSP example
- Request free access with .edu email
- Covers NIST 800-171 / CMMC Level 2 requirements
- Also includes workshops on "Sustainable Compliance Documentation", "Ask the Assessor", "Policy Hierarchy"
- Direct downloads: email-gated (requires .edu email)
- Fetched: 2026-03-07T12:45:00Z
[5/5] NIST SSP Template for 800-171 (CMMC Level 2)
- Type: official doc (NIST)
- Relevance: Official NIST System Security Plan template for DFARS/CMMC Level 2 compliance
- Key findings:
- The official SSP template for NIST SP 800-171 Rev 2
- Required for DoD contractors holding CUI
- Free, no registration required
- Direct downloads: https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-SSP-Template-final.docx
- Fetched: 2026-03-07T12:45:00Z (binary skip)
[5/5] NIST POAM Template for 800-171 (CMMC Level 2)
- Type: official doc (NIST)
- Relevance: Official NIST Plan of Action & Milestones template for DFARS/CMMC compliance
- Key findings:
- Required companion document to SSP for CMMC Level 2
- Free official template from NIST
- Direct downloads: https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-Plan-of-Action-Template-final.docx
- Fetched: 2026-03-07T12:45:00Z (binary skip)
[5/5] DoD CIO - CMMC Resources & Documentation
- Type: official doc (DoD CIO)
- Relevance: The authoritative hub for all official CMMC documents β assessment guides, scoping guidance, briefings for Level 1 and Level 2
- Key findings:
- CMMC Level 1 Self-Assessment Guide (direct PDF): https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level1_V2.0_FinalDraft_20211210_508.pdf
- CMMC Level 1 Scoping Guidance (direct PDF)
- CMMC Level 2 Assessment Guide (direct PDF): https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL2v2.pdf
- CMMC Level 2 Scoping Guidance (direct PDF)
- CMMC Model Overview (direct PDF): https://dodcio.defense.gov/Portals/0/Documents/CMMC/ModelOverview.pdf
- CMMC 101 Brief (direct PDF)
- Feb 2025 briefings: SPRS submission, eMASS, FedRAMP Equivalency, Technical Implementation
- External links: CyberAB CAP, DFARS clauses, NIST 800-171 rev 2, SPRS, DAU courses
- Phase 1 Implementation (Nov 10, 2025 - Nov 9, 2026) focused on Level 1 & 2 self-assessments
- Direct downloads: https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL2v2.pdf (and many others on page)
- Fetched: 2026-03-07T12:46:00Z
[4/5] CyberAB (CMMC Accreditation Body)
- Type: nonprofit (CMMC Accreditation Body)
- Relevance: The official CMMC accreditation body providing assessor directory, CMMC Assessment Process (CAP), and marketplace
- Key findings:
- Provides CMMC Assessment Process (CAP) as a free download
- CMMC Marketplace: find accredited C3PAOs and RPOs
- Code of Professional Conduct (CoPC) download
- Title 32 Final Rule download
- Town Hall webinars on CMMC implementation
- OSCs (Organizations Seeking Certification) can find DIB guidance here
- Direct downloads: https://cyberab.org (CAP download available on site)
- Fetched: 2026-03-07T12:46:30Z
[5/5] NIST MEP - Cybersecurity Services for Manufacturers
- Type: official doc (NIST MEP)
- Relevance: NIST Manufacturing Extension Partnership provides free and subsidized CMMC/800-171 compliance help for small manufacturers; mentions NIST Handbook 162 as key self-assessment resource
- Key findings:
- MEP Centers in every state provide free/low-cost CMMC compliance guidance
- Experts guide through NIST Cybersecurity Framework self-assessment
- Help with DFARS cybersecurity requirements for DoD supply chain
- NIST Handbook 162 is the key self-assessment handbook for 800-171/CMMC
- MEP Louisiana success story: helped manufacturer complete compliance documentation
- Find your local MEP Center: https://www.nist.gov/mep/mep-national-network
- Direct downloads: none (service locator page)
- Fetched: 2026-03-07T12:47:00Z
[5/5] NIST Handbook 162 - MEP Cybersecurity Self-Assessment Handbook
- Type: official doc (NIST MEP)
- Relevance: The definitive step-by-step self-assessment handbook for small manufacturers assessing NIST SP 800-171 (CMMC Level 2 foundation)
- Key findings:
- Free official NIST publication for small manufacturers
- Step-by-step guide to assessing against all NIST SP 800-171 Rev 1 requirements
- Written specifically for DoD supply chain manufacturers (DFARS context)
- Also mirrored at: https://ncmargc.org/resources/NIST.HB.162.pdf
- Available free from: https://doi.org/10.6028/NIST.HB.162
- Direct downloads: https://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf
- Fetched: 2026-03-07T12:47:30Z (binary skip)
[5/5] NIST MEP - Compliance with Cybersecurity Laws and Regulations
- Type: official doc (NIST)
- Relevance: NIST MEP page specifically for cybersecurity compliance resources for small manufacturers including CMMC and 800-171
- Key findings:
- Lists NIST Handbook 162 as key resource
- Links to DFARS compliance resources
- MEP Centers provide local hands-on assistance (often subsidized/free for small manufacturers)
- Direct downloads: none (resource hub page)
- Fetched: 2026-03-07T12:47:30Z
[3/5] ComplyUp - Free CMMC SSP Template v2.0
- Type: consulting (compliance software company)
- Relevance: Free CMMC SSP template covering CMMC Levels 1-3, email-gated download
- Key findings:
- CMMC SSP Template v2.0 (latest)
- Covers CA.L2-3.12.4 (SSP), CA.L2-3.12.2 (POAM) requirements
- Email required for download; mailing list opt-in
- Backed by CMMC assessment software platform
- Direct downloads: email-gated (https://complyup.com/cmmc-ssp-template/)
- Fetched: 2026-03-07T12:48:00Z
[2/5] Hive Systems - Free CMMC 2.0 SSP Template
- Type: consulting
- Relevance: Free CMMC 2.0 SSP template with pre-formatted control family sections and guidance notes
- Key findings:
- Pre-formatted for all CMMC 2.0 control families
- Includes inline guidance notes for each control
- Responsibility and status trackers
- Editable in Word or PDF
- Registration (email) required for download
- Direct downloads: email-gated (https://www.hivesystems.com/cmmc101-ssp)
- Fetched: 2026-03-07T12:48:00Z
[4/5] Regulated Research Community of Practice - Tools & Templates
- Type: university/nonprofit (multi-university research community, NSF-supported)
- Relevance: Comprehensive collection of university-developed CMMC/NIST 800-171 templates, SSPs, and compliance matrices β all free
- Key findings:
- EDUCAUSE 800-171 Community Group Toolkit (higher ed focused)
- Community Developed SSP with 43 controls (consensus from 50+ universities)
- CMMC Level 2 Assessment Controls and Objectives (Michael Wilson, UConn, 2026)
- Wendy Epley's NIST 800-171 Self Assessment (2024)
- Indiana University DFARS-SSP-Template (Anurag Shankar, 2022) β Google Sheets, copy-and-use
- University of Alaska Compliance Matrix (Sean Hagan) β covers CMMC, HIPAA, PCI, GLBA, 800-171, NSPM-33
- Brigham Young University NIST 800-171 Template (policies, effort, severity scoring)
- Berkeley's Change Management Template
- NIST CRSC CUI SSP Templates (Word format)
- CISA free cybersecurity tools (100+ tools for risk reduction)
- NSF-funded community (Grant #2409859), free for all
- Direct downloads: Multiple free Google Sheets/Docs templates (no email required for most)
- Fetched: 2026-03-07T12:49:00Z
[4/5] EDUCAUSE NIST SP 800-171 Toolkit
- Type: university/nonprofit (EDUCAUSE β higher education IT association)
- Relevance: Higher-education-specific NIST 800-171/CMMC compliance toolkit from community working group of 600+ member institutions
- Key findings:
- NIST SP 800-171 overview for higher ed
- "7 Things You Should Know About CMMC" stakeholder briefing document
- Project phase planning questions
- Customizable control evaluation template
- Developed by HEISC 800-171 Community Group (nearly 600 higher ed members)
- Free, publicly available (EDUCAUSE Library)
- Direct downloads: free downloads via EDUCAUSE Library (https://library.educause.edu/resources/2022/9/nist-sp-800-171-toolkit)
- Fetched: 2026-03-07T12:49:30Z
[4/5] EDUCAUSE NIST SP 800-171 Compliance Template
- Type: university/nonprofit (EDUCAUSE)
- Relevance: Compliance template mapping NIST SP 800-171 requirements to other standards; includes suggested control responses for higher education
- Key findings:
- Maps 800-171 to other common security standards used in higher education
- Provides suggested responses to controls (useful for SSP narrative writing)
- Free download from EDUCAUSE Library
- Direct downloads: https://library.educause.edu/resources/2016/9/nist-sp-800-171-compliance-template
- Fetched: 2026-03-07T12:49:30Z
[4/5] Purdue MEP - Free CMMC Level 1 Assessments for Small Businesses
- Type: university (Purdue MEP, part of NIST MEP National Network)
- Relevance: Purdue University MEP offered fully-funded CMMC Level 1 self-assessments for Indiana small businesses (SBA-funded)
- Key findings:
- Free CMMC Level 1 assessment and implementation assistance for Indiana small businesses
- Funded by SBA through Indiana Economic Development Corporation (IEDC)
- Purdue MEP works directly with businesses to implement required cybersecurity defenses
- Contact: Gene Jones, jonesew@purdue.edu (765-496-1200)
- Model replicable: other MEP Centers across all 50 states offer similar (sometimes subsidized) services
- CMMC Level 1 Self-Assessment expands ability to bid on federal/DoD contracts
- Direct downloads: none (program announcement)
- Fetched: 2026-03-07T12:50:00Z
[4/5] University of Washington IT - CMMC Level 1 SSP Template
- Type: university
- Relevance: UW IT provides a CMMC Level 1 SSP template as a direct .docx download, updated January 2024
- Key findings:
- Free CMMC Level 1 System Security Plan template
- No registration required β direct .docx download
- Updated January 2024 (post-CMMC 2.0 finalization)
- From UW's IT security team with institutional knowledge of higher ed contexts
- Direct downloads: https://it.uw.edu/wp-content/uploads/2024/01/CMMC_Level_1_Template.docx
- Fetched: 2026-03-07T12:50:30Z (binary skip β direct link confirmed)
[2/5] Totem Tech - How to Perform CMMC Level 1 Self-Assessment & SPRS Reporting
- Type: consulting (small business CMMC specialist)
- Relevance: Practical step-by-step guide for DIB small businesses on how to conduct and submit CMMC Level 1 self-assessment to SPRS
- Key findings:
- Covers all 15 FAR 52.204-21 safeguards and 59 assessment objectives (NIST 800-171A r2)
- Explains SPRS registration and score submission process
- CMMC Level 1 Readiness Workshops available (paid, but free content)
- CMMC Level 1 Facilitator certification available for compliance professionals
- Offers free tools: CMMC Timeline, DFARS Cybersecurity E-Book, Totem Top 10 list
- Updated January 2025 (current Phase 1 context)
- Direct downloads: none (blog post; free tools listed on site)
- Fetched: 2026-03-07T12:51:00Z
Summary of Key Findings
Top Free Direct Downloads (No Registration)
| Resource | URL | Score |
|---|---|---|
| NIST SSP Template (official, .docx) | https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-SSP-Template-final.docx | 5 |
| NIST POAM Template (official, .docx) | https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-Plan-of-Action-Template-final.docx | 5 |
| CMU SSP Template - CMMCv2 Level 2 | https://www.cmu.edu/iso/compliance/800-171/cmu-ssp-template-cmmcv2lvl2.docx | 4 |
| UW CMMC Level 1 Template | https://it.uw.edu/wp-content/uploads/2024/01/CMMC_Level_1_Template.docx | 4 |
| NIST Handbook 162 (MEP Self-Assessment) | https://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf | 5 |
| DoD CMMC L1 Self-Assessment Guide | https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level1_V2.0_FinalDraft_20211210_508.pdf | 5 |
| DoD CMMC L2 Assessment Guide | https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL2v2.pdf | 5 |
Top Free Platforms (Registration Required)
- Project Spectrum (projectspectrum.io) β free CMMC L1/L2/L3 courses + assessments + advisor (DoD-funded)
- Regulated Research CoP (regulatedresearch.org) β 10+ university-developed templates; SSP free with .edu email
- EDUCAUSE 800-171 Toolkit (library.educause.edu) β higher ed control evaluation templates (free)
Best MEP/APEX Resources for Small Businesses
- Local MEP Center (find at nist.gov/mep) β free to subsidized CMMC consulting in all 50 states
- APEX Accelerators (formerly PTACs) β free CMMC workshops and assistance
- Indiana APEX Accelerator β Project Spectrum referral
- Maryland APEX β DCAP funding for SSP development
- Purdue MEP β ran SBA-funded free Level 1 assessments for Indiana businesses
Worker: community
Community Research Results: CMMC 2.0 Templates
Worker: community | Domain: Community resources Started: 2026-03-07T12:41:00Z
[5/5] CMU CMMC v2 Level 2 SSP Template (Direct Download)
- Type: official doc (university)
- Relevance: Carnegie Mellon University SSP template specifically for CMMC v2 Level 2
- Key findings:
- Direct .docx download from CMU ISO compliance page
- Covers CMMC v2 Level 2 (110 controls, NIST 800-171)
- Direct downloads: https://www.cmu.edu/iso/compliance/800-171/cmu-ssp-template-cmmcv2lvl2.docx
- Fetched: 2026-03-07T12:41:00Z (binary skip)
[5/5] NIST CUI SSP Template (Direct Download)
- Type: official doc (NIST/gov)
- Relevance: Official NIST SP 800-171 CUI System Security Plan template from NIST CSRC
- Key findings:
- Official NIST template for 800-171 r2 β directly applicable to CMMC Level 2
- Free, no registration
- Direct downloads: https://csrc.nist.gov/files/pubs/sp/800/171/r2/upd1/final/docs/cui-ssp-template-final.docx
- Fetched: 2026-03-07T12:41:00Z (binary skip)
[4/5] University of Washington CMMC Level 1 SSP Template (Direct Download)
- Type: official doc (university)
- Relevance: UW IT's CMMC Level 1 System Security Plan template β free .docx
- Key findings:
- Covers all 17 CMMC Level 1 practices
- Published January 2024
- Direct downloads: https://it.uw.edu/wp-content/uploads/2024/01/CMMC_Level_1_Template.docx
- Fetched: 2026-03-07T12:41:00Z (binary skip)
[4/5] University of Alaska Fairbanks CMMC Level 1 Security Plan Template (Direct Download)
- Type: official doc (university)
- Relevance: UAF CMMC Level 1 Security Plan Template .docx β another free university resource
- Key findings:
- Covers CMMC Level 1 requirements
- From a grants/contracts administration office
- Direct downloads: https://www.uaf.edu/ogca/lifecycle/6-management/managing_nonfinancial/CMMC_Level_1_-Security%20Plan%20Template-050721.docx
- Fetched: 2026-03-07T12:41:00Z (binary skip)
[3/5] cmmcaudit.org - Policy Templates and Tools for CMMC and 800-171](https://www.cmmcaudit.org/policy-templates-and-tools-for-cmmc-and-800-171/)
- Type: community resource / curated list
- Relevance: Comprehensive community-maintained list of free and paid CMMC/800-171 documentation templates, reviewed by practitioners
- Key findings:
- DoD ESTCP has ~20 free downloadable docs: Incident Response forms, IT policy templates β best free set per site author (https://www.serdp-estcp.org/Tools-and-Training/Installation-Energy-and-Water/Cybersecurity/Templates-and-Checklists)
- NIST official SSP template: https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-SSP-Template-final.docx
- NIST official POA&M template: https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-Plan-of-Action-Template-final.docx
- SANS security policies (not CMMC-specific, need rework): https://www.sans.org/information-security-policy/
- StateRAMP policy templates (overkill but useful for FedRAMP): https://stateramp.org/templates-resources/
- Educational institutions SSP (free with .edu email, ~40 sample responses): https://www.regulatedresearch.org/resources/peer-practices/ssp
- Kieri Solutions paid package (sponsored): https://www.kieri.com/kcd
- Shared Responsibility Matrix template mentioned but URL cut off
- Updated April 2024
- Direct downloads: https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-SSP-Template-final.docx, https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-Plan-of-Action-Template-final.docx
- Fetched: 2026-03-07T12:43:00Z
[3/5] cmmcaudit.org - CMMC Audit Preparation Homepage
- Type: community resource site
- Relevance: Community-run site (by Amira Armond) with top 10 CMMC resources, articles, and links to templates/tools β frequently referenced in r/CMMC
- Key findings:
- Lists top 10 CMMC resources including CMMC Final Rule (32CFR), DoD homepage, Cyber-AB, DIBCAC resources
- DIBCAC page has self-assessment database and pre-assessment packages
- NIST SP 800-171 DoD Assessment Methodology document linked (scoring for SPRS)
- Points to security policy templates/tools subpage (cmmcaudit.org/policy-templates-and-tools-for-cmmc-and-800-171/)
- Recent articles: CMMC Compliance FAQs (Dec 2025), Assessment Timeline, Scoping guides
- Active community site, updated through late 2025
- Direct downloads: none (hub page)
- Fetched: 2026-03-07T12:44:00Z
[1/5] r/CMMC - Demystifying CMMC for Small Businesses (Part 2)
- Type: reddit thread
- Relevance: Real-world cost breakdown and strategy for small business CMMC Level 2 certification, including documentation template costs
- Key findings:
- Initial quotes ranged $100Kβ$336K for full CMMC implementation; author reduced to ~$45K year 1
- Key strategy: scope reduction via CUI enclave (10β15 people/devices)
- FedRAMP cloud (Microsoft GCC High): ~$10,000/yr
- Documentation templates (Kieri.com): $4,700 one-time; architecture guide: $9,700
- Ongoing Kieri subscription: $1,800/yr for template updates
- Recommends NIST SP 800-171A Rev 2 as technical guide: https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final
- Non-technical person successfully implemented full CMMC Level 2 using Kieri product
- June 2025 post β current/relevant
- Direct downloads: none
- Fetched: 2026-03-07T12:45:00Z
[1/5] r/CMMC - Documentation Template Packages
- Type: reddit thread
- Relevance: Community discussion comparing CMMC documentation template vendors
- Key findings:
- Main vendors discussed: Kieri LLC and ComplianceForge (NCP compliance package)
- ComplianceForge NCP package URL: https://complianceforge.com/cmmc-nist-800-171-templates/
- PreVeil mentioned offering free compliance package (SSP, Policy Templates, CRM, POA&M, CMMC SOPs): https://www.preveil.com/compliance-package/
- Community confirms ChatGPT-generated docs are risky/not recommended for actual assessments
- Both Kieri and ComplianceForge have been used successfully in DIBCAC assessments
- Direct downloads: none
- Fetched: 2026-03-07T12:46:00Z
[2/5] PreVeil Compliance Accelerator Package
- Type: consulting page (vendor)
- Relevance: Commercially available but community-highly-recommended CMMC Level 2 documentation package (SSP, SOPs, SRM, checklists) β validated by C3PAO
- Key findings:
- Includes: SSP (110 controls/320 objectives), SOPs for all 14 control families, Shared Responsibility Matrix, Network & CUI Flow Diagrams, Assessment Checklists
- Assessor-validated by external C3PAO β used by 75+ contractors to achieve CMMC
- Multiple contractors report perfect 110 scores using this package
- DoD estimates documentation alone costs $150K; PreVeil claims 80% reduction
- 2,500 defense contractors use PreVeil
- Includes 1:1 access to Certified CMMC Professionals
- Community frequently recommends this on r/CMMC (not free β paid product)
- Direct downloads: none (paid product, requires account)
- Fetched: 2026-03-07T12:47:00Z
[2/5] RADICL CMMC Level 1 Template Toolkit
- Type: consulting page (vendor with free templates)
- Relevance: Free, editable Word format templates for ALL CMMC Level 1 requirements with control mapping β comprehensive and immediately downloadable
- Key findings:
- Full package downloadable: "CMMC Level 1 Template Package" (full set)
- Individual templates include: Physical Access Authorized Personnel, Physical Security Policy, Visitor Log, Device Inventory, Access Control Policy, SSP, and more
- Each template maps to specific CMMC Level 1 practice objectives (e.g., PE.L1-3.10.1, AC.L1-3.1.1)
- Available in editable Word format β no registration appears required
- Updated July 22, 2024
- Includes RADICL CMMC Level 1 SSP template
- 1-page reference PDF with links to all templates available
- Direct downloads: https://radicl.com/cmmc-level-1-template-toolkit (individual .docx downloads per template, full package bundle available)
- Fetched: 2026-03-07T12:47:00Z
[2/5] Sprinto - CMMC Compliance Templates (Free Policies)
- Type: blog/consulting page
- Relevance: Overview of CMMC compliance templates with links to free downloadable policies for all 14 NIST 800-171 control families
- Key findings:
- Covers all 14 control families: Access Control, Awareness & Training, Audit & Accountability, Configuration Management, Identification & Authentication, Incident Response, Maintenance, Media Protection, Physical Protection, Personnel Security, Risk Assessment, Security Assessment, System & Comms Protection, System & Info Integrity
- Provides free policy templates downloadable from site (March 2025)
- Good for Level 2 (110 controls, NIST 800-171)
- Blog provides context on what each policy should contain
- Direct downloads: https://sprinto.com/blog/cmmc-compliance-templates/ (free policy templates linked within post)
- Fetched: 2026-03-07T12:48:00Z
[3/5] DoD SERDP/ESTCP Cybersecurity Templates and Checklists
- Type: official doc (DoD)
- Relevance: DoD-maintained cybersecurity templates/checklists page β rated "best free template set on the internet" by cmmcaudit.org; includes IT policy and incident response forms
- Key findings:
- ~20 downloadable documents covering RMF, FRCS, NIST 800-171 requirements
- Includes IT Policies and Procedures template (comprehensive, multiple standard policies in one document)
- Incident Response forms included
- Now available in DOC (Word) format for easy editing
- No sign-up required
- Documents updated 2018β2019 (may need review for CMMC 2.0 specifics)
- Focused on DoD contractors and facility-related control systems but widely applicable
- Direct downloads: Multiple .docx files at https://www.serdp-estcp.org/Tools-and-Training/Installation-Energy-and-Water/Cybersecurity/Templates-and-Checklists
- Fetched: 2026-03-07T12:48:00Z
[2/5] Secureframe - CMMC Documentation Templates
- Type: consulting page (vendor with free templates)
- Relevance: Free CMMC documentation templates created by former federal auditors covering key assessment documents
- Key findings:
- Free templates available (no apparent registration required to download):
- System Security Plan (SSP) template
- POA&M template
- Configuration Management Plan template
- Incident Response Plan template
- Risk Assessment template
- Risk Mitigation Plan template
- Templates created by in-house federal compliance experts (former auditors)
- Covers CMMC Levels 1, 2, and 3 compliance checklists
- Secureframe also sells a paid platform with automated CMMC compliance
- Direct downloads: https://secureframe.com/hub/cmmc/templates (individual downloads per template type)
- Fetched: 2026-03-07T12:49:00Z
[3/5] cmmcaudit.org - CMMC Templates Tag Archive
- Type: community resource
- Relevance: Archive of all cmmcaudit.org articles tagged "cmmc-templates" β includes annual compliance tasks guide and tools/templates page
- Key findings:
- Links to the main templates/tools page (same as earlier finding)
- "CMMC Annual Compliance Tasks" article (Dec 2022) covers 6 annual maintenance tasks
- Site designed by Kieri Solutions β indicates Kieri has community involvement
- Newsletter available for updates
- Direct downloads: none
- Fetched: 2026-03-07T12:49:00Z
[2/5] ComplianceForge - Editable CMMC & NIST 800-171 Policy Templates
- Type: consulting page (vendor)
- Relevance: Industry-leading paid CMMC documentation templates β "DIBCAC battle tested" β widely recommended in community for small-medium businesses
- Key findings:
- Products: NIST 800-171 Compliance Program (NCP) β includes policies, standards, procedures, SSP, POA&M, IR Plan
- Covers NIST 800-171 R2 and R3, CMMC 2.0 Levels 1, 2, and 3
- Used successfully in multiple DIBCAC audits
- Scalable from Fortune 500 to small businesses
- Also offers free guides: Unified Scoping Guide, Cybersecurity Program how-to, and more
- Sample SSP PDF available: https://complianceforge.com/content/examples/example-ncp-ssp.pdf
- ComplianceForge has been operational since 2005
- Available at: https://complianceforge.com/nist-800-171-cmmc-policy-templates/ and https://complianceforge.com/compliance/cmmc-compliance-dfars-252-204-7021
- Direct downloads: https://complianceforge.com/content/examples/example-ncp-ssp.pdf (example/sample SSP PDF)
- Fetched: 2026-03-07T12:50:00Z
[5/5] NIST SP 800-171 POA&M Template (Direct Download)
- Type: official doc (NIST/gov)
- Relevance: Official NIST Plan of Action & Milestones template for 800-171/CMMC compliance β required for DoD contractors
- Key findings:
- Official NIST DFARS 7012 POA&M template
- Free, no registration β directly applicable to CMMC Level 2
- Highly recommended by cmmcaudit.org as starting point
- Direct downloads: https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-Plan-of-Action-Template-final.docx
- Fetched: 2026-03-07T12:50:00Z (binary skip)
Worker: consulting
[2/5] CMMC Documentation Templates - Secureframe
- Type: consulting page
- Relevance: Free CMMC documentation templates including SSP, POA&M, IRP, config management, risk assessment
- Key findings:
- Offers 6 templates: SSP, POA&M, Configuration Management Plan, Incident Response Plan, Risk Assessment, Risk Mitigation Plan
- Templates appear as direct "Download" links (unclear if gated without JS)
- Created by former federal auditors; tailored for CMMC assessment evidence
- Platform is Secureframe (GRC tool vendor) β templates are marketing lead-gen
- Direct downloads: email-gated (likely form required based on vendor pattern)
- Fetched: 2026-03-07T12:42:00Z
[3/5] CMMC Level 1 Requirements Templates and Toolkit - RADICL
- Type: consulting page
- Relevance: Comprehensive FREE CMMC Level 1 template toolkit with 20+ individual Word document templates, no registration required
- Key findings:
- All templates in editable Word (.docx) format, direct download (no email gate detected)
- Includes: Physical Security Policy, Visitor Log, Physical Access Device Inventory, Access Control Policy, System User Accounts, Authorized Users Inventory, SSP, Data Retention Policy, Incident Response, and many more
- Each template mapped to specific CMMC Level 1 practice objectives (e.g., PE.L1-3.10.1, AC.L1-3.1.1)
- Also offers "CMMC Level 1 Package" β full set download in one ZIP
- Templates dated July 22, 2024 β current for CMMC 2.0
- RADICL is a vSOC/MDR vendor; templates are marketing but genuinely free
- Direct downloads: https://radicl.com/cmmc-level-1-template-toolkit (individual .docx links on page β confirmed free, no gate)
- Fetched: 2026-03-07T12:44:00Z
[2/5] CMMC Compliance Templates - Sprinto
- Type: blog/consulting page
- Relevance: Blog post listing free CMMC policy templates across all 14 NIST 800-171 control families
- Key findings:
- Covers Level 2 controls aligned to NIST 800-171 (110 requirements, 14 families)
- Control families include: Access Control, Incident Response, Configuration Management, Risk Assessment, etc.
- Templates appear to be embedded or linked within post β no direct .docx/.pdf links found in fetch
- Likely requires Sprinto account or email for actual downloads
- Good reference article explaining CMMC policy structure
- Direct downloads: email-gated (Sprinto GRC platform sign-up likely required)
- Fetched: 2026-03-07T12:45:00Z
[2/5] CMMC 101 SSP Template - Hive Systems
- Type: consulting page
- Relevance: Free CMMC 2.0 SSP template in Word/PDF, requires registration
- Key findings:
- Pre-formatted SSP aligned with CMMC 2.0 control families
- Inline guidance notes, responsibility/status trackers
- Editable in Word or PDF
- Requires form fill (name/email) β "Sign up once and unlock all our resources"
- Target: DIB contractors, compliance teams, SMBs preparing for assessment
- Direct downloads: email-gated (form required)
- Fetched: 2026-03-07T12:46:00Z
[2/5] Free SSP Template - Nexeris
- Type: consulting page
- Relevance: Free CMMC Level 2 SSP covering all 110 controls and 320 assessment objectives β delivered via email
- Key findings:
- Covers all 110 CMMC Level 2 controls and 320 assessment objectives
- Fillable fields, pre-populated content for all practices
- .DOCX format, trusted by 20+ defense contractors
- Delivered via email after form submission (email-gated but explicitly free, no paywall)
- Also offers: Free CMMC Policies, Free Level 2 Audit Readiness Checklist, IRP Template
- Direct downloads: email-gated (DOCX via email β free but requires email)
- Fetched: 2026-03-07T12:46:00Z
[3/5] CMMC Policy Templates and Tools - CMMCAudit.org
- Type: consulting page (community resource)
- Relevance: Curated index of free and paid CMMC/NIST 800-171 templates with reviews β best aggregator page found
- Key findings:
- NIST official SSP template: https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-SSP-Template-final.docx (FREE, no gate)
- NIST official POA&M template: https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-Plan-of-Action-Template-final.docx (FREE, no gate)
- DoD SERDP-ESTCP: ~20 downloadable templates (IRP, IT Policy, etc.) in DOC format, no sign-up required β "best free template set on the Internet" per reviewer
- SANS Institute security policies in PDF/DOC, no registration (not CMMC-specific, needs rework)
- Kieri Compliance Documentation: paid product (worth noting as high-quality paid option)
- Updated October 2024
- Direct downloads:
- https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-SSP-Template-final.docx
- https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-Plan-of-Action-Template-final.docx
- Fetched: 2026-03-07T12:47:00Z
[2/5] DoD ESTCP Cybersecurity Templates and Checklists
- Type: official doc (DoD .mil site)
- Relevance: DoD RMF templates for Facility-Related Control Systems β tangentially useful for CMMC evidence gathering
- Key findings:
- Focused on Facility-Related Control Systems (FRCS) and DoD RMF, not CMMC Level 1/2 directly
- Contains NIST SP 800-37, 800-82, 800-53 guidance and associated templates
- CMMCAudit.org recommended this for IRP and IT Policy templates in DOC format (no sign-up)
- May require navigating to specific sub-pages for the actual template downloads
- More appropriate for large contractors or OT environments than typical small DIB contractors
- Direct downloads: none found at this URL; need to navigate sub-pages
- Fetched: 2026-03-07T12:48:00Z
[1/5] CMMC Level 1 Assessment GitHub Repo
- Type: github repo
- Relevance: Academic CMMC Level 1 self-assessment project for a fictional small business β includes PDF assessment
- Key findings:
- Uses "Michael Scott Paper Company" as example small business β fictional scenario for coursework
- Includes CMMC 2.0 Level 1 self-assessment PDF (CMMCLevel1Assessment.pdf)
- References DoD's official Level 1 Assessment Guide PDF
- Stars: 0 β very low community engagement, academic exercise only
- Google Drive with supporting docs available for the class project
- Direct downloads: https://github.com/shikha1149myprojects/CMMC-Level1-Assessment/raw/main/CMMCLevel1Assessment.pdf
- Fetched: 2026-03-07T12:49:00Z
[2/5] PreVeil Compliance Accelerator Package
- Type: consulting page
- Relevance: PreVeil's paid CMMC Level 2 documentation package β comprehensive SSP, SOPs, SRM, and assessment checklists
- Key findings:
- NOT free β bundled with PreVeil's paid email/drive security product
- Covers all 110 controls and 320 objectives with pre-filled SSP
- Includes: SSP, SOPs (14 control families), Shared Responsibility Matrix, Network/CUI Flow Diagrams, Assessment Checklists
- Validated by external C3PAO; customers report "perfect 110 scores" in DIBCAC assessments
- Cuts documentation work by ~80% vs DIY; DoD estimates $150K DIY cost
- Compliance Accelerator PDF brochure available: https://www.preveil.com/wp-content/uploads/2024/07/PreVeil-Compliance-Accelerator.pdf
- Free account creation available but package appears tied to product subscription
- Direct downloads: email-gated / product-purchase-gated; brochure PDF freely available
- Fetched: 2026-03-07T12:50:00Z
[2/5] Redspin CMMC Assessment Interview Question Guides
- Type: consulting page
- Relevance: 14 domain-specific CMMC assessment interview question guides from a C3PAO β email-gated
- Key findings:
- Covers all 14 CMMC domains (AC, AU, AT, CM, IA, IR, MA, MP, PS, RA, CA, SC, SI, PE)
- Put together by Redspin, an accredited C3PAO β high credibility
- Requires form completion for full access + individual domain guide downloads
- Interview question guides help contractors prepare for assessor interviews, not templates per se
- Redspin is a certified C3PAO (high authority for CMMC content)
- Also has checklists, white papers, and research reports on their resource center
- Direct downloads: email-gated (form required for download)
- Fetched: 2026-03-07T12:51:00Z
[2/5] How to Perform a CMMC Level 1 Self-Assessment - Totem.tech
- Type: consulting page (blog)
- Relevance: Step-by-step guide from Totem (CMMC-focused MSP) on conducting and reporting a Level 1 self-assessment
- Key findings:
- Totem specializes in CMMC compliance for small businesses in the DIB
- Covers all 15 FAR 52.204-21 safeguards and 59 assessment objectives from NIST 800-171A rev 2
- Explains SPRS reporting process (mandatory for all DIB contractors)
- Offers free tools at totem.tech/resources including CMMC Timeline, Totem Top 10, DFARS E-Book, Acronyms Glossary
- Offers paid CMMC compliance software (Totemβ’) and HRDN-ITβ’ Single PC CMMC Enclave
- Also offers CMMC Level 1 Facilitator certification for GovCon professionals
- Blog post is free; templates appear to be tied to software/workshop products
- Direct downloads: none directly β free resources linked at totem.tech/resources
- Fetched: 2026-03-07T12:52:00Z
[4/5] CMMC Level 1 Self-Assessment Guide - CMMC Toolkit Wiki
- Type: official doc (wiki mirror of DoD CIO official guide, Version 2.13, Sept 2024)
- Relevance: Full text of official DoD CMMC Level 1 Self-Assessment Guide β publicly accessible, no download needed
- Key findings:
- Source: DoD CIO CMMC Level 1 Self-Assessment Guide v2.13 (September 2024)
- Covers all 15 Level 1 safeguarding requirements with interview, examine, and test methods
- Six domains: Access Control, IA, Media Protection, Physical Protection, SC, SI
- Completely free, no registration β public release, distribution unlimited
- Links to Level 2 and Level 3 assessment guides as well
- Excellent reference for self-assessment methodology documentation
- Direct downloads: none (wiki format β can be bookmarked/printed directly)
- Fetched: 2026-03-07T12:52:00Z
[3/5] Totem Free CMMC Tools and Templates
- Type: consulting page
- Relevance: Extensive free CMMC template library from Totem (CMMC-specialist MSP) β 20+ templates, no registration required
- Key findings:
- TRULY FREE downloads β no email gate detected ("Download" links, no form)
- Templates include:
- DoD Self-Assessment SPRS Scoring Sheet
- CMMC Level 1 Checklist (17 safeguards)
- CUI Data Flow Diagram Template
- Supply Chain Risk Management Plan Template
- CMMC Compliance Roadmap (interactive)
- Security Impact Analysis (SIA) Process Template
- Separation of Duties Matrix
- CUI Identification Guide Flowchart (interactive PDF)
- Assumed Risk Assessment Template
- Employee CUI Handling Guide Template
- CUI & System Inventory Template
- FIPS-Validated Cryptography Scoping Template
- SSP Introduction & SEPG Template
- Acceptable Use Policy (AUP) Template
- Shared Responsibility Matrix (SRM) Template
- CMMC Continuous Monitoring Template
- Incident Response Plan (IRP) Template
- Security Configuration Settings (Hardening) Checklist
- Computer Incident Response Aid Guide
- Totem Top 10β’ in NIST 800-171 and CMMC
- Note: "For latest versions, consider subscribing to Totem" β free versions available, paid subscription for updates
- Best free template collection from a CMMC consulting firm found in this research
- Direct downloads: https://www.totem.tech/resources/ (all templates appear directly downloadable, no gate)
- Fetched: 2026-03-07T12:53:00Z
[3/5] Free CMMC Policy Templates - Nexeris
- Type: consulting page
- Relevance: 14-document CMMC Level 2 policy template package (ZIP), free with email submission
- Key findings:
- 14 documents covering all 110 Level 2 controls and 320 assessment objectives
- Fillable fields in .ZIP format
- Trusted by 20+ defense contractors per Nexeris claims
- Also offers: Free SSP Template, Level 2 Audit Readiness Checklist, ISO 27001 Risk Assessment, IRP Template
- Delivered via email after form fill β email-gated but explicitly free
- Direct downloads: email-gated (.ZIP via email β free, requires email address)
- Fetched: 2026-03-07T12:53:00Z
[2/5] CMMC 2.0 Starter Policies - InfoSec Policy Starters
- Type: consulting page (paid product)
- Relevance: Complete CMMC 2.0 Level 1 and Level 2 policy template set in .docx format β paid ($200)
- Key findings:
- PAID: $200 for full set (Level 1 + Level 2)
- Level 1: 7 policy documents (AC, IA, Implementation Guide, MP, PE, SC, SI) β 15 pages combined
- Level 2: 14 policy documents covering all NIST 800-171 domains (42 pages combined)
- All in editable .docx format
- Sample policy available to review before purchase
- Useful as a reference for what a complete policy template set looks like
- Direct downloads: none free; paid product at $200
- Fetched: 2026-03-07T12:54:00Z
[3/5] CMMC.com Compliance Resources - Secureframe
- Type: consulting page
- Relevance: Largest free CMMC template library found β 35+ templates in PDF and DOC format, direct download, no registration
- Key findings:
- TRULY FREE β "All documents and templates are free to download, courtesy of the team at Secureframe"
- 35+ templates spanning all CMMC domains:
- Access Control (AC) Procedures Template (PDF + DOC)
- Audit Management Policy (PDF + DOC)
- Audit and Accountability (AU) Procedures Template (PDF + DOC)
- Awareness and Training (AT) Procedures Template (PDF + DOC)
- Configuration Management Plan Template (PDF + DOC)
- Continuous Monitoring Policy Template (PDF + DOC)
- CUI Marking Procedure Template (PDF + DOC)
- Federal Contingency Plan Template (PDF + DOC)
- Impact Analysis Template (PDF + DOC)
- Incident Response (IR) Procedures Template (PDF + DOC)
- Maintenance Policy + MA Procedures Template (PDF + DOC)
- Media Protection (MP) Procedures Template (PDF + DOC)
- NIST 800-63B Password Policy Template (PDF + DOC)
- Personnel Security (PS) Procedures Template (PDF + DOC)
- Physical Protection (PE) Procedures Template (PDF + DOC)
- Plan of Action and Milestones (POA&M) Template (XLSX)
- Risk Assessment (RA) Procedures Template (PDF + DOC)
- Supply Chain Risk Management Plan + Policy (PDF + DOC)
- System and Communications Protection (SC) Template (PDF + DOC)
- System and Information Integrity (SI) Procedures (PDF + DOC)
- System Security Plan (SSP) Template (PDF + DOC)
- Shared Responsibility Matrix Template (XLSX)
- SPRS Scoring Template (PDF + XLSX)
- CMMC & NIST 800-171 Readiness Checklist (XLSX)
- Level 3 SSP Addendum Template
- Software Inventory Template
- Separation of Duties Matrix Template (XLSX)
- Also has "Download All" option
- Site is cmmc.com (redirects to Secureframe) β industry-leading GRC vendor
- Direct downloads: https://www.cmmc.com/resources (all PDFs/DOCs/XLSXs appear directly downloadable β no gate)
- Fetched: 2026-03-07T12:55:00Z
[2/5] Hive Systems CMMC Resources
- Type: consulting page
- Relevance: Free CMMC resources including SSP templates, Level 2 self-assessment tool, and guides from a C3PAO
- Key findings:
- Free CMMC Level 2 Assessment Tool (self-assessment for SPRS scoring)
- SSP templates for NIST 800-171 Rev.2 and Rev.3 β download available (likely email-gated)
- CMMC 101 Guide (free download)
- Month-by-month CMMC Level 2 roadmap with templates
- C3PAO guide and C3PAO selection guide
- Blog, podcast, and video resources
- Hive Systems is an accredited C3PAO β high credibility
- Direct downloads: some gated, some free β SSP template requires form per earlier fetch
- Fetched: 2026-03-07T12:55:00Z
[2/5] ComplianceForge CMMC & NIST 800-171 Templates
- Type: consulting page (paid product)
- Relevance: Industry-leading CMMC/NIST 800-171 documentation templates β paid, "DIBCAC battle tested"
- Key findings:
- PAID products β various bundles at different price points
- Products include: NIST 800-171 Compliance Program (NCP), SCF Policies & Standards (SCRP), SCF Procedures (CSOP)
- Described as "DIBCAC battle tested" β successfully used in actual DoD assessments
- Covers Level 1, 2, and 3 compliance; has been in the market since 2016
- Free guides available: Cybersecurity Supply Chain Risk, Unified Scoping Guide, Integrated Controls Management (no templates)
- Kieri Compliance Documentation (mentioned by cmmcaudit.org) is similar paid offering
- Note: reddit community frequently recommends ComplianceForge as high-quality paid option for SMBs
- Direct downloads: none free; paid products (various price tiers)
- Fetched: 2026-03-07T12:56:00Z
[1/5] Ancero - No CMMC Templates Found
- Type: consulting page (MSP)
- Relevance: Ancero is a managed IT services provider in NJ β no CMMC-specific template library found
- Key findings:
- Ancero is primarily an MSP offering cloud workspace, VoIP, managed services for small businesses
- No dedicated CMMC templates or free downloads found in search results
- May offer CMMC consulting services but without a public template library
- Not a CMMC-specialist firm in the same category as Totem or RADICL
- Direct downloads: none
- Fetched: 2026-03-07T12:57:00Z
[2/5] Strike Graph Free CMMC Self-Assessment Toolkit
- Type: consulting page (GRC tool vendor)
- Relevance: Free 60-day CMMC self-assessment and compliance toolkit for DoD contractors
- Key findings:
- Free 60-day access to Strike Graph's CMMC Self-Assessment and Compliance Toolkit
- Launched October 2025 specifically for DFARS Final Rule compliance
- Tool walks through all CMMC requirements, organizes evidence, generates ready-to-share report
- Also offers free CMMC gap analysis template (blog post)
- Level 1 and Level 2 self-assessment blog posts with detailed step-by-step guides
- After 60 days, likely converts to paid GRC platform subscription
- Includes CMMC Audit Task Checklist (free download per blog)
- Direct downloads: free 60-day tool access (likely requires account creation); gap analysis template available
- Fetched: 2026-03-07T12:58:00Z
[5/5] NIST SP 800-171 SSP Template - Direct Download
- Type: official doc (NIST/government)
- Relevance: Official NIST System Security Plan template for SP 800-171 Rev 2 β foundation for CMMC Level 2 SSP
- Key findings:
- Direct .docx download from NIST CSRC β no registration, no email, truly free
- Rev 2 template β aligned with current CMMC 2.0 Level 2 requirements
- This is THE authoritative template; all consulting SSPs are derived from or compared against this
- Required for DFARS 7012 compliance; forms basis for Level 2 certification documentation
- Direct downloads: https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-SSP-Template-final.docx
- Fetched: 2026-03-07T12:59:00Z (binary .docx β noted, not fetched)
[5/5] NIST SP 800-171 POA&M Template - Direct Download
- Type: official doc (NIST/government)
- Relevance: Official NIST Plan of Action & Milestones template for SP 800-171 Rev 2
- Key findings:
- Direct .docx download from NIST CSRC β no registration, no email, truly free
- Required for CMMC Level 2 compliance documentation
- Documents deficiencies, timelines, and remediation plans for CMMC controls
- Used for SPRS self-assessment scoring submissions
- Direct downloads: https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-Plan-of-Action-Template-final.docx
- Fetched: 2026-03-07T12:59:00Z (binary .docx β noted, not fetched)
Worker: github
GitHub CMMC Templates Research Results
Worker: github | Started: 2026-03-07T12:41:00Z
[3/5] SecurityBagel/CMMC-Bagel
- Type: github repo
- Relevance: Open-source Power BI template for CMMC compliance assessment tracking and POA&M management with SPRS scoring.
- Key findings:
- Stars: 107
- Forks: 21
- Includes Assessment Template.xlsx and POA&M Template.xlsx (Excel files)
- Power BI dashboard with automated SPRS scoring and combined assessment metrics
- Supports SharePoint Online for cloud-based compliance tracking
- Templates folder with downloadable CMMC assessment worksheets
- Direct downloads:
- https://github.com/SecurityBagel/CMMC-Bagel/raw/main/Templates/Assessment%20Template.xlsx
- https://github.com/SecurityBagel/CMMC-Bagel/raw/main/Templates/POAM%20Template.xlsx
- Fetched: 2026-03-07T12:50:00Z
[3/5] proinsights/CMMC-Bagel-Lite
- Type: github repo (fork of SecurityBagel/CMMC-Bagel)
- Relevance: Lightweight fork of CMMC-Bagel with direct downloadable Excel POA&M Template and Assessment Template files in the repo root.
- Key findings:
- Stars: 0, Fork of SecurityBagel/CMMC-Bagel
- Contains Assessment Template.xlsx, POAM Template.xlsx, Control Info.xlsx directly in repo
- CMMC Bagel Lite.pbit Power BI template file
- Automated SPRS scoring with POA&M allowance status per 32 CFR Part 170
- Combined Assessment Metrics across facilities/devices
- Direct downloads:
- https://github.com/proinsights/CMMC-Bagel-Lite/raw/main/POAM%20Template.xlsx
- https://github.com/proinsights/CMMC-Bagel-Lite/raw/main/Assessment%20Template.xlsx
- https://github.com/proinsights/CMMC-Bagel-Lite/raw/main/Control%20Info.xlsx
- Fetched: 2026-03-07T12:51:00Z
[3/5] JAKTOOL/cmmc
- Type: github repo
- Relevance: Web app that guides users through NIST 800-171 Rev 2 and Rev 3 controls to generate SSP markdown files and POA&M CSV exports.
- Key findings:
- Stars: 31
- Forks: 4
- Generates markdown-based SSP from control walkthroughs
- Generates POA&M in CSV format for unimplemented requirements
- Client-side IndexedDB storage β no privacy concerns
- PWA/offline capable
- Live app available (see README)
- Direct downloads: none (web app generates output)
- Fetched: 2026-03-07T12:52:00Z
[2/5] timames/cmmc-level2-implementation-graylog_ollama
- Type: github repo
- Relevance: 500+ page CMMC Level 2 implementation guide covering all 110 practices, SSP framework, policy templates, and C3PAO readiness β focused on Graylog SIEM + Ollama.
- Key findings:
- Stars: 0
- Forks: 0
- 500+ page implementation guide (primary resource, linked externally)
- All 110 CMMC Level 2 practices with implementation guidance
- SSP framework and templates included
- Policy templates and compliance documentation
- 6-12 month phased implementation roadmap
- docs/ and scripts/ folders in repo
- Direct downloads: none (guide linked externally)
- Fetched: 2026-03-07T12:53:00Z
[2/5] nightstalker117/nistify-800-171r2
- Type: github repo
- Relevance: Python network scanner that auto-generates NIST SP 800-171 R2 compliance reports including POA&M Excel spreadsheets and SPRS scores.
- Key findings:
- Stars: 0
- Automated NIST 800-171 R2 compliance assessment via network scanning
- Outputs: HTML, PDF, JSON, XML, TXT reports + Excel POA&M spreadsheet
- Calculates SPRS scores automatically
- Network topology visualization included
- Requires Nmap + Python dependencies
- Direct downloads: none (script generates output)
- Fetched: 2026-03-07T12:54:00Z
[2/5] HailBytes/security-policy-templates
- Type: github repo
- Relevance: NIST CSF-aligned security policy templates for SMBs, covering incident response, data protection, and infrastructure security β applicable to CMMC Level 1/2.
- Key findings:
- Stars: 2
- Forks: 1
- Ready-to-use markdown policy templates in policies/ folder
- Covers: AUP, Password Policy, Clean Desk, Email Policy, Incident Response, Data Breach Response, Disaster Recovery, Server Security, Router/Switch Security, Wireless
- Mapped to NIST CSF functions
- Practical implementation timelines for resource-constrained SMBs
- Direct downloads: https://github.com/HailBytes/security-policy-templates/tree/main/policies
- Fetched: 2026-03-07T12:55:00Z
[2/5] CivicActions/ssp-toolkit
- Type: github repo
- Relevance: Automates creation of System Security Plans (SSP) required by RMF β useful template base for CMMC SSP documentation.
- Key findings:
- Scripts and YAML-based templates for generating SSPs
- Docker container support for ease of deployment
- Tools: createfiles, makefamilies, makessp, creatematrix, selectcontrols, exportto
- Oriented toward RMF/FedRAMP but applicable to CMMC SSP structure
- Direct downloads: none (toolchain generates output)
- Fetched: 2026-03-07T12:56:00Z
[2/5] mlunato47/claude-grc-plugin
- Type: github repo
- Relevance: Claude Code plugin acting as a GRC analyst with 72+ reference files for 15 frameworks including CMMC β generates SSP narratives, POA&Ms, and cross-framework mappings.
- Key findings:
- 15 compliance frameworks: NIST 800-53, FedRAMP, CMMC, SOC 2, ISO 27001, PCI DSS, HIPAA, etc.
- 24 slash commands for GRC tasks
- Cross-framework control mapping via NIST 800-53 as hub
- Document review for SSP narratives and POA&Ms with 0-5 maturity scoring
- Direct downloads: none (Claude plugin)
- Fetched: 2026-03-07T12:57:00Z
[2/5] shikha1149myprojects/CMMC-Level1-Assessment
- Type: github repo
- Relevance: Academic CMMC 2.0 Level 1 self-assessment project with PDF assessment report and Excel template linked via Google Drive β good example of Level 1 gap assessment for small business.
- Key findings:
- Stars: 0
- Based on fictional "Michael Scott Paper Company" small business scenario
- Self-assessment against DoD CMMC 2.0 Level 1 requirements
- Google Drive link contains Excel assessment template and evidence collection examples
- PDF assessment report included in repo
- References DoD official CMMC 2.0 Level 1 self-assessment guide
- Direct downloads:
- https://github.com/shikha1149myprojects/CMMC-Level1-Assessment/raw/main/CMMCLevel1Assessment.pdf
- Fetched: 2026-03-07T12:58:00Z
[2/5] ceagan/oscal-cmmc
- Type: github repo
- Relevance: OSCAL-formatted CMMC v2 catalog JSON β machine-readable catalog of all CMMC controls usable in automated compliance tooling.
- Key findings:
- CMMC_v2_catalog.json in OSCAL format
- Useful for toolchain integration and automated SSP generation
- Contains assessment objects for each control
- Direct downloads: https://github.com/ceagan/oscal-cmmc/raw/main/CMMC_v2_catalog.json
- Fetched: 2026-03-07T12:59:00Z
[2/5] kawa5604/CMMC_mapping
- Type: github repo
- Relevance: Interactive web app mapping CMMC to NIST SP 800-171 and NIST SP 800-53 controls β useful for understanding control relationships during SSP development.
- Key findings:
- CMMC β NIST 800-171 β NIST 800-53 cross-mapping
- Searchable/filterable interface
- Apache 2.0 license
- Direct downloads: none (web app)
- Fetched: 2026-03-07T13:00:00Z
Worker: gov
CMMC 2.0 Templates Research - GOV Worker Results
Domain: Official government sources (NIST, DoD, CISA, CMMC-AB, acquisition.gov) Started: 2026-03-07T12:41:00Z
[5/5] CMMC Resources & Documentation - DoD CIO
- Type: official doc
- Relevance: Central hub for all official CMMC 2.0 documentation, guides, and briefings from the DoD CIO office.
- Key findings:
- Lists all current assessment and scoping guides for Levels 1, 2, and 3
- Links to DFARS clauses 252.204-7012, 7019, 7020, 7021
- References SPRS for score submission and affirmation
- Includes Feb 2025 briefings on SPRS, eMASS, FedRAMP, and technical implementation
- Phase 1 CMMC implementation (Nov 2025 - Nov 2026) focuses on L1 and L2 self-assessments
- Reminder: affirmations required with CMMC assessments in SPRS
- Direct downloads:
- https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL1.pdf
- https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL2.pdf
- https://dodcio.defense.gov/Portals/0/Documents/CMMC/ScopingGuideL1.pdf
- https://dodcio.defense.gov/Portals/0/Documents/CMMC/ScopingGuideL2v2.pdf
- Fetched: 2026-03-07T12:45:00Z
[5/5] CMMC Assessment Guide β Level 1 (Current v2.13)
- Type: official doc
- Relevance: Official DoD CIO guide for CMMC Level 1 self-assessment covering all 17 FAR 52.204-21 practices.
- Key findings:
- Level 1 self-assessment requirements per 32 CFR Β§ 170.15
- OSA assesses its own contractor information system(s) for FCI (Federal Contract Information) safeguarding
- Based on FAR Clause 52.204-21 basic safeguarding requirements
- Covers 17 basic cyber hygiene practices for Level 1
- Annual self-assessment with affirmation required in SPRS
- Direct downloads: https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL1.pdf
- Fetched: 2026-03-07T12:45:00Z (direct PDF, not fetched)
[5/5] CMMC Assessment Guide β Level 1 v2.13
- Type: official doc
- Relevance: Version 2.13 (September 2024) of the CMMC Level 1 Assessment Guide β the latest version.
- Key findings:
- Most current version of L1 assessment guide
- Aligned with 32 CFR Part 170 final rule
- Provides assessment objectives for each of the 17 L1 practices
- Direct downloads: https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL1v2.pdf
- Fetched: 2026-03-07T12:45:00Z (direct PDF)
[5/5] CMMC Assessment Guide β Level 2 (Current)
- Type: official doc
- Relevance: Official DoD CIO assessment guide for CMMC Level 2, covering 110 NIST SP 800-171 practices.
- Key findings:
- Covers all 110 security requirements from NIST SP 800-171 Rev 2
- Used for both self-assessments (L2 self) and C3PAO third-party assessments (L2 advanced)
- Includes assessment scope guidance and CMMC-specific terms
- Supports annual affirmation requirements
- Direct downloads: https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL2.pdf
- Fetched: 2026-03-07T12:45:00Z (direct PDF)
[5/5] CMMC Assessment Guide β Level 2 v2.13
- Type: official doc
- Relevance: Version 2.13 September 2024 β most current L2 assessment guide aligned to final 32 CFR Part 170 rule.
- Key findings:
- Aligned to finalized CMMC rule (32 CFR Part 170, effective Dec 16, 2024)
- Assessment scope definitions for CUI assets, security protection assets, contractor risk-managed assets, specialized assets, out-of-scope assets
- Covers L1 and some L2 as applicable to CMMC level
- Direct downloads: https://dodcio.defense.gov/Portals/0/Documents/CMMC/AssessmentGuideL2v2.pdf
- Fetched: 2026-03-07T12:45:00Z (direct PDF)
[5/5] CMMC Level 1 Scoping Guidance
- Type: official doc
- Relevance: Official DoD guide for determining which assets are in scope for CMMC Level 1 self-assessment.
- Key findings:
- Defines FCI scope β Federal Contract Information processed, stored, or transmitted
- Defines in-scope asset categories for L1
- Aligned to 32 CFR Β§ 170.19 CMMC Scoping
- Helps small businesses identify what systems need to be assessed
- Direct downloads: https://dodcio.defense.gov/Portals/0/Documents/CMMC/ScopingGuideL1.pdf
- Fetched: 2026-03-07T12:45:00Z (direct PDF)
[5/5] CMMC Level 2 Scoping Guidance v2.13
- Type: official doc
- Relevance: Official DoD scoping guide for Level 2 β defines asset categories and assessment boundary for CUI environments.
- Key findings:
- Defines 5 asset categories: CUI Assets, Security Protection Assets, Contractor Risk-Managed Assets, Specialized Assets, Out-of-Scope Assets
- Critical for small businesses to properly scope their CMMC assessment boundary
- Aligned to September 2024 v2.13 final rule
- Assessment scope as outlined in 32 CFR Β§ 170.19
- Direct downloads: https://dodcio.defense.gov/Portals/0/Documents/CMMC/ScopingGuideL2v2.pdf
- Fetched: 2026-03-07T12:45:00Z (direct PDF)
[5/5] CMMC Model Overview v2.0
- Type: official doc
- Relevance: Official CMMC 2.0 Model Overview explaining the three-tier structure, practices, and certification requirements.
- Key findings:
- Explains CMMC 2.0 Level 1 (17 practices, self-assessment), Level 2 (110 practices, self- or third-party), Level 3 (110+ practices, government-led)
- Describes how levels are cumulative
- Framework for small, medium, and large contractors
- Direct downloads: https://dodcio.defense.gov/Portals/0/Documents/CMMC/ModelOverview_V2.0_FINAL2_20211202_508.pdf
- Fetched: 2026-03-07T12:45:00Z (direct PDF)
[5/5] DoD SPRS Briefing for CMMC
- Type: official doc
- Relevance: DoD briefing on using SPRS to submit CMMC L1 and L2 self-assessment scores and affirmations.
- Key findings:
- Covers the CMMC Level 1 and Level 2 self-assessment submission process in SPRS
- Explains affirmation requirements for senior official
- SPRS is the authoritative source for supplier performance risk data
- Path to assessments walkthrough for contractors
- Direct downloads: https://dodcio.defense.gov/Portals/0/Documents/CMMC/CMMC-SPRS.pdf
- Fetched: 2026-03-07T12:45:00Z (direct PDF)
[5/5] NIST CUI System Security Plan (SSP) Template
- Type: official doc
- Relevance: Official NIST-provided SSP template for NIST SP 800-171 Rev 2 β the foundational document template for CMMC Level 2 compliance.
- Key findings:
- Free, official Microsoft Word template from NIST
- Required documentation for CMMC Level 2 (practice CA.L2-3.12.4)
- Covers all 14 CUI security requirement families
- Starting point for documenting how 110 NIST SP 800-171 controls are implemented
- Small businesses should start here before any compliance effort
- Direct downloads: https://csrc.nist.gov/files/pubs/sp/800/171/r2/upd1/final/docs/cui-ssp-template-final.docx
- Fetched: 2026-03-07T12:45:00Z (direct .docx download)
[5/5] NIST CUI Plan of Action & Milestones (POA&M) Template
- Type: official doc
- Relevance: Official NIST POA&M template for tracking remediation of NIST SP 800-171 gaps β required for CMMC Level 2 conditional certification.
- Key findings:
- Free, official Microsoft Word template from NIST
- Documents security gaps and remediation plans
- Required for CMMC Level 2 when practices are not yet fully implemented (180-day POA&M allowed)
- Critical document for small businesses with gaps in their cybersecurity posture
- Direct downloads: https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-2/final/documents/CUI-Plan-of-Action-Template-final.docx
- Fetched: 2026-03-07T12:45:00Z (direct .docx download)
[5/5] NIST SP 800-171 Rev 3 Publication Page
- Type: official doc
- Relevance: Latest version of NIST SP 800-171 (Rev 3, May 2024) β the foundational standard for CMMC Level 2.
- Key findings:
- Rev 3 finalized May 2024; DoD memo (Feb 2025) provides organization-defined parameters for Rev 3
- Contains updated CUI protection requirements aligned to CMMC 2.0
- HTML version available; companion SP 800-171A Rev 3 provides assessment procedures
- Small businesses should use Rev 2 for current CMMC assessments until DoD transitions to Rev 3
- Direct downloads: none (publication page; PDF/HTML available from CSRC)
- Fetched: 2026-03-07T12:45:00Z (via search summary)
[5/5] NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
- Type: official doc
- Relevance: Official assessment procedures companion to NIST SP 800-171 Rev 3 β used by assessors for CMMC Level 2.
- Key findings:
- Finalized May 2024
- Provides specific assessment objectives and methods for each 800-171 Rev 3 requirement
- HTML version available
- C3PAOs and DoD assessors use this to evaluate contractor compliance
- Direct downloads: none (publication page)
- Fetched: 2026-03-07T12:45:00Z (via search summary)
[5/5] Supplier Performance Risk System (SPRS)
- Type: official doc
- Relevance: DoD's official system where contractors submit CMMC self-assessment scores and affirmations β mandatory for L1 and L2.
- Key findings:
- Contractors must enter NIST SP 800-171 self-assessment score in SPRS
- CMMC Level 2 self-assessment affirmation entered in SPRS
- Tutorials available for CMMC L2 self-assessment entry workflow
- CAGE code required; integrates with SAM.gov
- SPRS score submission is prerequisite to DoD contract award under CMMC Phase 1
- Direct downloads: none (web application)
- Fetched: 2026-03-07T12:45:00Z (via search summary)
[5/5] DoD Memo: Organization-Defined Parameters for NIST SP 800-171 Rev 3 (Feb 2025)
- Type: official doc
- Relevance: DoD February 2025 memo establishing how contractors should interpret organization-defined parameters in NIST 800-171 Rev 3 for CMMC.
- Key findings:
- Provides DoD's official parameter values for 800-171 Rev 3
- Critical for contractors preparing for eventual transition from Rev 2 to Rev 3 assessments
- Referenced on the CMMC Resources & Documentation page
- Direct downloads: Referenced at dodcio.defense.gov/cmmc/Resources-Documentation/
- Fetched: 2026-03-07T12:45:00Z (via resources page)
Gaps & Limitations
Methodology
Topic: CMMC 2.0 Level 1 and Level 2 certification documentation templates for small business Started: 2026-03-07T12:34:31Z Workers: - consulting: complete | found 18 | fetched 14 | findings 16 - academic: complete | found 24 | fetched 14 | findings 24 - gov: complete | found 18 | fetched 1 | findings 11 - github: complete | found 11 | fetched 8 | findings 10 - community: complete | found 16 | fetched 14 | findings 14 Total sources (deduplicated): 79 Retry queue: 0 URLs pending