Protecting Controlled Unclassified Information (CUI) · Maximum Business Value, Minimum Downtime
✓ Saved
🔒 Key stored in browser localStorage only — never embedded in this file. Do not share this HTML file after entering your key.
⚠️Previous assessment data found.
If you are a different user, click "New Assessment" to clear it.
📖How to Use This Tool
⚠️ Important: This tool is for internal gap analysis only — not a substitute for a formal CMMC C3PAO assessment. Rev 2 SPRS weights reflect the DoD Assessment Methodology; verify against the current NIST SP 800-171 DoD Assessment Methodology before SPRS submission. Rev 3 controls are based on NIST SP 800-171r3 (finalized May 2024); DoD has not yet adopted Rev 3 for CMMC — Rev 2 applies to all DFARS/CMMC contracts as of 2026. Rev 3 ODP values (marked ODP) must be defined by your organization.