Current Status

Thank you for completing our CMMC questionnaire.

Your Compliance Score:

This score (out of 100) reflects your estimated compliance readiness based on your responses. A higher score means fewer security gaps.

⚠️ Your organization has made some progress but remains at risk of non-compliance.

There are multiple security gaps that must be addressed before you can pass a formal assessment. Without improvements, your organization may struggle to meet CMMC requirements, potentially delaying contract approvals.

🔍 Recommended Next Steps:

  • ✔️ Identify critical security deficiencies and begin implementing missing controls.
  • ✔️ Improve data protection, access controls, and incident response preparedness.
  • ✔️ Conduct a pre-assessment readiness review to refine your security posture.
  • 📢 You’re on the right path, but additional work is needed for full compliance. Engage CMMC Compliance experts at TestPros to create a structured remediation plan.


Ready to take the next step? Contact us for assistance!

If you need further assistance, feel free to contact TestPros. [email protected]

Assessment Results

1. Have you conducted a CMMC self-assessment and documented the results?

2. Has your organization calculated its Supplier Performance Risk Assessment (SPRS) score, and is it up to date?

3. Do you have an up-to-date System Security Plan (SSP) that documents security practices?

4. Do you have a documented Plan of Action & Milestones (POA&M) to address compliance gaps?

5. Are access permissions enforced using role-based access control (RBAC) and the principle of least privilege?

6. Do all users, including privileged accounts, use multi-factor authentication (MFA) for system access?

7. Is there an automated system in place to track and log user access, authentication attempts, and privilege escalations?

8. Is Controlled Unclassified Information (CUI) stored, accessed, and protected in compliance with NIST 800-171 requirements?

9. Is all sensitive data encrypted both at rest and in transit using FIPS 140-2 validated encryption methods?

10. Do you conduct regular security risk assessments to identify vulnerabilities and track compliance progress?

11. Does your organization have a documented and tested incident response plan?

12. Are regular cyber incident simulations (e.g., tabletop exercises, red team assessments) conducted to evaluate response readiness?

13. Do all employees undergo cybersecurity awareness training at least annually?

14. Do you have a formalized process for onboarding and offboarding employees, including access control reviews?

15. Does your organization have a real-time security monitoring system in place to detect and respond to threats, vulnerabilities, and policy violations?

16. Do you have a dedicated compliance officer or team responsible for managing CMMC compliance?
