CMMC Level 2 Readiness Assessment — Phase 1 Evidence Collection
Legal name, CAGE code, DUNS, prime contract details, and government points of contact.
Start Submission →Network topology, hardware inventory, operating systems, and CUI system boundary documentation.
Start Submission →How CUI enters, moves through, and leaves your environment — data flow diagrams and storage locations.
Start Submission →Cloud services, managed service providers, and third parties that handle or have access to CUI.
Start Submission →Antivirus, EDR, firewalls, MFA, patching cadence, encryption, and other active security controls.
Start Submission →Existing security policies, system security plans, prior CMMC or NIST assessments, and POA&Ms.
Start Submission →User account management, privileged access, multi-factor authentication, and access control policies.
Start Submission →Physical access controls, visitor management, media sanitization, and asset disposal procedures.
Start Submission →Known security gaps, past incidents, active remediation projects, and upcoming security investments.
Start Submission →