Front Page Staging 2

Notice Regarding CMMC 2.0
CMMC Assessments:
The CMMC 2.0 framework is not yet available. DoD officials forecast its release in late November. Once available, ComplyUp will integrate the official framework changes into customers’ existing CMMC assessments. Customers can continue performing assessments as usual, save for the following proposed CMMC 2.0 modifications:
  1. Ignore the Practices removed in CMMC 2.0:
Level 2: AU.2.044, IR.2.093, IR.2.094, IR.2.096, IR.2.097, RE.2.137, SC.2.179
Level 3: AM.3.036, AU.3.048, RE.3.139, RM.3.144, RM.3.146, RM.3.147, CA.3.162, SA.3.169, SC.3.192, SC.3.193, SI.3.218, SI.3.219, SI.3.220
“We do not have the 2.0 document [framework] released yet. That is forthcoming, ready to be posted by the end of November.”
Buddy Dees, Director, CMMC, DoD. 11/09/21 CMMC-AB Townhall
  2. Ignore all Process requirements.
NIST 800-171 Assessments:
At this time, the CMMC 2.0 program does not negate DFARS clause 252.204-7012.
Contractors subject to this clause are still required to produce a NIST 800-171 System Security Plan and submit an SPRS score.
Notice Regarding CMMC 2.0

Compliance Assessment Tool
for DoD Contractors and MSPs.

Easy enough for the self-reliant small-business.
Powerful enough for the compliance professional.

Compliance Assessment Platform

Perform an Assessment

NIST 800-171 contains 110 requirements. Assess your organization to determine where you stand. This is often referred to as a Gap Analysis or a Readiness Assessment.

Produce Formal Documentation

Create your System Security Plan (a formal document describing how you satisfy the 110 requirements) and POA&Ms (remediation plans for the requirements you don’t satisfy).

Submit your Score

Generate your score based on your System Security Plan using the NIST SP 800-171 DoD Assessment Methodology, and submit it to DOD’s Suppliers Performance Risk System.

Implement Remediations

Address the requirements you don’t satisfy by changing configurations, deploying solutions, or updating your company policies.

Monitor & Update

Keep an eye on your organization, and update your documentation periodically to accurately reflect your security posture.

Compliance Assessment Platform

Compliance Assessment Platform

Built with Service Providers in Mind

More Efficient Engagements

Faster, more efficient client engagements with discounted assessments purchased only when you need them.

Everyone Working Together

Invite your team or client to participate in the assessment or simply view your progress.

Flexible, Multi-Tenant Design

Create as many isolated client-tenants as you need complete with independent administration.

Add Lasting Value to your Engagements

Leave your clients with access to their assessment and documentation after your engagement ends, or transfer ownership of the account entirely.


Zero Trust SaaS

We take security as seriously as you do, but in the spirit of NIST’s Zero Trust security model, we’re not asking you to take our word for it. Your assessment data is auto-encrypted, keystroke-by-keystroke, with a unique encryption key you generate before it’s sent to our servers.

We couldn’t decrypt your data even if we wanted to.

NIST 800-171 and CMMC

Demystify CMMC
and NIST 800-171

Discover what compliance involves with requirement overviews, detailed explanations and real-world examples.

Self Assessment

Tackle your

Step through an assessment just as an auditor would to identify any shortcomings that need addressed.

Policy Gaps

Fill in your
Policy Gaps

Build your own internal policy library with ComplyUp’s CMMC & 800-171-specific policy templates, pre-loaded in our Policy Generator.

Auto-Generate Documentation

Compliance Documentation

Automate the generation of your System Security Plan (the key output of your self-assessment and the first thing an auditor will ask for).