DoW Contractors · CMMC 2.0 Level 2 · NIST 800-171
CMMC Readiness Assessment.
Eighteen honest questions across the six NIST SP 800-171 control families that anchor CMMC 2.0 Level 2 — Access Control, Audit & Accountability, Configuration Management, Identification & Authentication, Incident Response, and Risk Management. About ten minutes. No email required to see your score.
- Mapped to NIST 800-171, CMMC 2.0 L2, DFARS 252.204-7012
- SPRS-aware framing — gap surfaced before C3PAO money
- Scoring runs locally in your browser
- Optional written report + SSP / POA&M roadmap on request
Access Control Audit & Accountability Configuration Management Identification & Authentication Incident Response Risk Management
Question 1 of 18 0%
What it covers
Six 800-171 control families. Eighteen honest questions.
Built around the audit reality your prime, your assessor, and the DoW Assessment Methodology actually care about. The score gives leadership a place to start the SSP / POA&M conversation — not the conversation itself. CUI scoping, encryption (FIPS-validated), CMMC scoping, and a full 110-control walkthrough come next.
See the CMMC 2.0 compliance service for the assessment-prep engagement.
-
Access Control
AC family — limiting system access to authorized users, processes, and devices acting on behalf of those users.
-
Audit & Accountability
AU family — creating, protecting, and reviewing audit logs sufficient to support after-the-fact investigation of unauthorized activity.
-
Configuration Management
CM family — establishing baselines, controlling changes, and restricting non-essential software and ports.
-
Identification & Authentication
IA family — uniquely identifying users and authenticating identities before granting access.
-
Incident Response
IR family — establishing a capability to detect, contain, eradicate, and report incidents — including DFARS 72-hour reporting.
-
Risk Management
RA / SI families — assessing risk, scanning for vulnerabilities, and remediating in time to keep the SPRS score honest.
-
Is this the same as a SPRS score?
No. SPRS scoring uses the DoW Assessment Methodology and is a formal calculation against all 110 NIST 800-171 controls. This is a fast self-check across six families to surface where the program is and where it isn't, ahead of an SSP / POA&M build or a C3PAO engagement.
-
Will this prepare me for a C3PAO assessment?
Not by itself. It identifies the obvious gaps before you spend C3PAO money. A formal CMMC Level 2 assessment prep engagement still includes scoping CUI, building / refining the SSP and POA&M, evidence collection, mock assessment, and remediation. See our CMMC compliance service for the full scope.
-
Does this account for DFARS 72-hour reporting?
Yes. The Incident Response domain includes a direct question on DFARS 252.204-7012(c) 72-hour reporting to DoW via DIBNet. Failing that question is a near-certain finding in any audit.
-
Do I need to give an email address?
No. The assessment runs entirely client-side. If you want a written report and a remediation roadmap from our team, you can request one at the end — but the score itself is yours immediately.
Talk to a real engineer
Ready to talk to a Pacific MSSP that knows your contracts?
Scoping calls are free. We'll come back with a fixed-scope CMMC plan — not a brochure, not a referral chain.