CMMC
Skill packages tagged with “CMMC”
CMMC Assessment Scoping
Define CMMC assessment scope, authorization boundary, and network architecture for Level 1 or Level 2. Documents in-scope assets and network diagram narrative for the SSP.
CMMC Asset Inventory
Create and maintain the CMMC asset inventory: CUI assets, security protection assets, and contractor risk-managed assets for assessment scope.
CMMC Plan of Action & Milestones
Draft and validate the CMMC POA&M: track control deficiencies, remediation plans, owners, and due dates for Conditional Level 2 or Level 3.
CMMC Policies and Procedures
Draft CMMC-aligned security policies and procedures for all NIST 800-171 domains: Access Control, Audit, Awareness, Configuration Management, and others.
CMMC Readiness Gap Analysis
Map controls to NIST SP 800-171 practices, identify CMMC coverage gaps, and build a prioritized remediation roadmap for Level 1 or Level 2.
CMMC System Security Plan
Draft and validate the CMMC SSP for Level 1 or Level 2: system description, boundary, and implementation narratives for each NIST 800-171 practice with evidence pointers.
Cross-Compliance Matrix
Produce a unified multi-framework compliance matrix mapping controls across ISO 27001:2022, NIST CSF 2.0, SOC 2 TSC, GDPR, NIS2/DORA, and NIST 800-53/CMMC. Scores coverage per framework, identifies gaps, and prioritizes remediation by cross-framework benefit and regulatory severity.