CMMC 2.0 Readiness Workbook
## The structured self-assessment tool every DIB contractor needs before their C3PAO audit.Before a Certified Third-Party Assessor Organization (C3PAO) can certify your organization for CMMC Level 2, you need to know exactly where you stand against all 110 NIST SP 800-171 Rev 2 practices. This workbook guides you through that assessment — systematically, domain by domain.---### What's inside:System Boundary & Scoping SectionDefine your CUI environment before you assess — including systems, users, cloud providers, and external service providers. Get this right first; scope determines everything.17 Domain Assessment Sections (110 practices total)For every practice: the official requirement, a status checkbox (Met / Partial / Not Met / N/A), and a notes column for your evidence pointer. Domains covered:Access Control · Audit & Accountability · Awareness & Training · Configuration Management · Identification & Authentication · Incident Response · Maintenance · Media Protection · Physical Protection · Personnel Security · Risk Assessment · Security Assessment · System & Communications Protection · System & Information Integrity · Recovery · Risk Management · Situational AwarenessDomain Scoring SummaryTransfer your results and calculate your estimated SPRS score using the DoD's weighted methodology. Know your number before you submit it.POA&M Starter Table18-row gap tracking table with practice ID, gap description, risk level, remediation action, owner, target date, and status.Evidence Collection ChecklistOrganized by category (policies, technical, training, audit/assessment, vendor) — with space for evidence file locations.---### Who this is for:DIB contractors and subcontractors who handle CUI and need to self-assess against NIST SP 800-171 Rev 2 / CMMC Level 2.---### About Saguaro ComplianceBased in Tucson, AZ. Working exclusively with Defense Industrial Base contractors on CMMC Level 2 readiness. Questions: info@saguarocompliance.com
Get it → saguarocompliance.gumroad.com