CMMC & SPRS guides
Plain-English guides to CMMC and NIST SP 800-171, written for DoD contractors preparing a self-assessment. Every regulatory claim links to its governing source.
How to Calculate Your SPRS Score (NIST SP 800-171)
A step-by-step guide to the SPRS score: the DoD Assessment Methodology, how the 1/3/5 point weights work, why your score can go negative, and how MFA and FIPS partial credit are scored.
Read guide →CMMC Level 1 vs Level 2: Which Do You Need?
FCI vs CUI, FAR 52.204-21 vs NIST SP 800-171, and the NARA Registry / DoD OIG test that decides whether Level 2 needs a self-assessment or a C3PAO certification.
Read guide →What Is a POA&M? (And Which Gaps Are Eligible)
A Plan of Action and Milestones lets you reach a Conditional Level 2 status with a few open gaps — but not every gap qualifies. Here are the 32 CFR 170.21 eligibility rules and the 180-day clock.
Read guide →FAR 52.204-21: The 15 Basic Safeguarding Requirements
FAR 52.204-21 is the basis for CMMC Level 1. Here's what the 15 basic safeguarding requirements cover, who they apply to, and how the Level 1 self-assessment works.
Read guide →How to Prepare for a CMMC / SPRS Self-Assessment
A practical, in-order walkthrough: define your scope, confirm your SSP, assess at the objective level, build your POA&M, affirm, and enter your summary in SPRS.
Read guide →Conditional vs Final CMMC Status & Validity Windows
What separates a Conditional from a Final Level 2 status, how long each assessment stays current, and when the annual affirmation window opens.
Read guide →