Trust Services Criteria · Type I & Type II · All 5 TSCs · Audit-Ready
Required before export
Required before export
Required before export
⏰ OVERDUE
🔄 Delta View Active
✓ Saved
0 controls selected
🔒 Key stored in browser localStorage only — never embedded in this file. Do not share this HTML file after entering your key.
⚠️Previous SOC 2 assessment data found.
If you are a different user, click "New Assessment" to clear it.
📖How to Use This Tool
⚠️ Important: This tool is for internal gap analysis only — not a substitute for a formal CMMC C3PAO assessment. Rev 2 SPRS weights reflect the DoD Assessment Methodology; verify against the current NIST SP 800-171 DoD Assessment Methodology before SPRS submission. Rev 3 controls are based on NIST SP 800-171r3 (finalized May 2024); DoD has not yet adopted Rev 3 for CMMC — Rev 2 applies to all DFARS/CMMC contracts as of 2026. Rev 3 ODP values (marked ODP) must be defined by your organization.