CMMC Level 2 Readiness Score

CMMC Level 2 Readiness Score is a free 3-minute CMMC Level 2 readiness self-assessment for defense contractors handling Controlled Unclassified Information (CUI) under DFARS 252.204-7012. Three minutes from first question to gap report. CFR-cited findings ranked by penalty exposure. No signup, no email required.

What it covers: Access Control + Authentication (NIST AC + IA), Configuration Management + Maintenance (CM + MA), Incident Response + Audit Accountability (IR + AU), Media Protection + Physical Security (MP + PE), and System & Information Integrity + Risk Assessment (SI + RA). Each gap surfaced cites the exact regulation or industry standard it relates to and gives plain-English remediation guidance.

Regulatory references

How it works

  1. Answer 15-20 yes/partial/unsure/no questions across 5 categories
  2. See your overall score (0-100) and per-category breakdowns
  3. Review each compliance gap with the exact regulation, typical penalty range, and remediation guidance
  4. Optionally start a 5-day FileFlo free trial with your audit context preserved — no email gate, gaps unlocked inline

Frequently asked questions

Which DoD contractors should run this CMMC assessment?

Any contractor or subcontractor that handles Controlled Unclassified Information (CUI) under DFARS 252.204-7012. Level 1 (17 practices, annual self-assessment) applies to contractors handling Federal Contract Information (FCI). Level 2 (110 practices, third-party C3PAO assessment) applies to those handling CUI.

Does this replace a C3PAO assessment?

No. CMMC Level 2 requires assessment by a Certified Third-Party Assessor Organization (C3PAO) for most DoD contracts. This audit identifies the highest-impact NIST SP 800-171 gaps so you can remediate before scheduling C3PAO.

How is CMMC different from NISPOM?

NISPOM (32 CFR 117) governs CLASSIFIED information handling by cleared contractors. CMMC governs unclassified CUI handling by DoD contractors under DFARS 252.204-7012.

When does CMMC become mandatory?

DoD finalized CMMC v2.0 rulemaking in 2024-2025. Phased contract implementation runs 2025-2028.

If you want FileFlo to track these documents automatically every day:

FileFlo auto-classifies 85+ document types across regulated industries, alerts you 90/60/30 days before expirations, and produces a one-click PDF binder organized by regulation. Starter $89/mo, Professional $299/mo. 5-day free trial — no credit card.

Start the 5-day free trial