Current Status

Thank you for completing our CMMC questionnaire.

Your Compliance Score:

This score (out of 100) reflects your estimated compliance readiness based on your responses. A higher score means fewer security gaps.

❌ Your organization is at HIGH RISK for non-compliance.

Your current cybersecurity posture has significant gaps that must be addressed immediately to meet DoD requirements. Without improvements, your organization is unlikely to achieve certification and could lose eligibility for government contracts.

🚨 Recommended Next Steps:

  • ✔️ Conduct a full CMMC 2.0 gap analysis to identify missing security controls.
  • ✔️ Implement fundamental security measures such as multi-factor authentication (MFA), access control policies, and incident response planning.
  • ✔️ Engage with CMMC compliance experts at TestPros to create a structured remediation plan.
  • 📢 Act now to strengthen your compliance before upcoming audits.

Ready to take the next step? Contact us for assistance!

If you need further assistance, feel free to contact TestPros.

Assessment Results

1. Have you conducted a CMMC self-assessment and documented the results?

2. Has your organization calculated its Supplier Performance Risk Assessment (SPRS) score, and is it up to date?

3. Do you have an up-to-date System Security Plan (SSP) that documents security practices?

4. Do you have a documented Plan of Action & Milestones (POA&M) to address compliance gaps?

5. Are access permissions enforced using role-based access control (RBAC) and the principle of least privilege?

6. Do all users, including privileged accounts, use multi-factor authentication (MFA) for system access?

7. Is there an automated system in place to track and log user access, authentication attempts, and privilege escalations?

8. Is Controlled Unclassified Information (CUI) stored, accessed, and protected in compliance with NIST 800-171 requirements?

9. Is all sensitive data encrypted both at rest and in transit using FIPS 140-2 validated encryption methods?

10. Do you conduct regular security risk assessments to identify vulnerabilities and track compliance progress?

11. Does your organization have a documented and tested incident response plan?

12. Are regular cyber incident simulations (e.g., tabletop exercises, red team assessments) conducted to evaluate response readiness?

13. Do all employees undergo cybersecurity awareness training at least annually?

14. Do you have a formalized process for onboarding and offboarding employees, including access control reviews?

15. Does your organization have a real-time security monitoring system in place to detect and respond to threats, vulnerabilities, and policy violations?

16. Do you have a dedicated compliance officer or team responsible for managing CMMC compliance?
