About

CMMC and NIST SP 800-171 are precise, and the details matter — partial credit for MFA and FIPS-validated cryptography, which gaps can go on a POA&M, what counts as a Conditional versus Final status, and when a status expires. Most free calculators hand you a number and stop there. A number isn't a self-assessment.

Our mission is to help DoD contractors prepare accurately and confidently — to scope their environment, assess at the objective level, understand exactly how the DoD Assessment Methodology produces their score, track POA&M items against the right deadlines, and walk into SPRS with a clean, defensible record — without needing a consultant for every step.

Everything here is built on the authoritative sources: the 110 NIST SP 800-171 Rev 2 requirements, the DoD Assessment Methodology v1.2.1, the 319 SP 800-171A assessment objectives, and 32 CFR Part 170. We don't invent point values or rules; we encode the ones the government published, and we cite them.

This is a preparation and self-assessment tool. It is not connected to SPRS, it does not submit anything to the government, and it is not legal or compliance-certification advice. When regulations change, we verify against the current authoritative source rather than assume.