Free CMMC Resource Hub
Everything you need to start your CMMC journey — for free.
Readiness assessments, a scoping toolkit, video walkthroughs, and every government-provided CMMC document — curated for DoD contractors and DIB suppliers.
What is the Cybersecurity Maturity Model Certification (CMMC)?
The Cybersecurity Maturity Model Certification (CMMC) was developed by the Department of Defense to enhance cybersecurity across the defense industrial base. It ensures that companies handling Controlled Unclassified Information (CUI) meet standardized security requirements to protect sensitive data from cyber threats.
CMMC combines cybersecurity standards and best practices into a unified model with three maturity levels — basic cyber hygiene at Level 1, more advanced practices at Level 2, and enhanced controls at Level 3. Achieving the right level is mandatory for contractors seeking DoD contracts.
Want the full breakdown? See our CMMC compliance overview.
Giga-Green Free Tools
Free CMMC tools and video guides
Free tools we've built to help you get started — readiness assessments, a scoping toolkit, and video walkthroughs from CMMC Registered Practitioners.
-
Level 1 Readiness Assessment
Quickly evaluate your compliance with the 15 FAR 52.204-21 basic safeguarding requirements. Ideal for contractors handling FCI.
Get access ↓ Free · Email required
-
Level 2 Readiness Assessment
Comprehensive readiness tool derived from the 110 security controls in NIST SP 800-171. For contractors preparing for a C3PAO or a detailed self-assessment.
Get access ↓ Free · Email required
-
CMMC Scoping Tool
Visualize, categorize, and manage your CUI environment. Identify where CUI is stored, processed, and transmitted to focus your security boundary.
Get access ↓ Free · Email required
-
Level 2 Self-Assessment Guide
A clear, visual roadmap through the entire self-assessment process — from system inventory to POA&M and SPRS scoring.
-
Free CMMC Videos & Webinars
On-demand webinars and how-to videos from CMMC Registered Practitioners on scoping, documentation, and assessment prep.
DoD & Government
Government-provided CMMC resources
Every official CMMC document worth bookmarking — assessment guides, scoping guidance, NIST references, and submission portals. Kept current as new versions are released.
- Training
Project Spectrum
DoD-sponsored initiative with free training modules and tools for SMBs pursuing CMMC compliance.
Open
- Regulation
32 CFR Part 170 — CMMC Program Final Rule
Official CMMC final rule published in the Federal Register. Establishes mandatory cybersecurity requirements for DIB contractors.
Open
- PDF
CMMC Level 1 Scoping Guide
Criteria for identifying which systems and processes fall under CMMC Level 1 for organizations handling FCI.
Open
- PDF
CMMC Level 2 Assessment Guide
Comprehensive framework for evaluating cybersecurity practices against Level 2 requirements and preparing for third-party assessment.
Open
- PDF
NIST SP 800-171A
Assessment procedures for evaluating how well your organization meets NIST SP 800-171 requirements. Foundation for CMMC Level 2.
Open
- PDF
CMMC eMASS Briefing
Overview of the DoD's centralized platform for managing cybersecurity assessments and CMMC certifications.
Open
- PDF
CMMC Levels Determination Brief
Guidance to determine which CMMC level applies to your DoD contracts based on FCI vs CUI handling.
Open
- Training
CUI Awareness Training
Free DoD-endorsed training on identifying, handling, and protecting Controlled Unclassified Information. Recommended for all CUI-handling staff.
Open
- Regulation
CMMC Program Final Rule — Press Release
DoD's official announcement of the CMMC final rule and the mandatory certification requirements for DIB contractors.
Open
- PDF
CMMC Level 1 Self-Assessment Guide
Structured checklist for evaluating cybersecurity practices against Level 1 requirements and identifying areas for improvement.
Open
- PDF
CMMC Hashing Guide
Technical instructions on implementing hashing techniques for CMMC evidence submission to C3PAOs and eMASS.
Open
- PDF
CMMC Alignment to NIST Standards
Detailed mapping between CMMC requirements and the corresponding controls in NIST SP 800-171 and NIST SP 800-172.
Open
- PDF
NIST SP 800-171 Rev 3 ODP Values
Standardized Organization-Defined Parameter values for Rev 3, ensuring consistency across the DIB while retaining flexibility.
Open
- PDF
FedRAMP Authorization and Equivalency
How Cloud Service Offerings can meet FedRAMP equivalency for CMMC, including the Customer Responsibility Matrix requirements.
Open
- PDF
Official CUI Cover Sheet (SF901-18a)
DoD-standardized cover sheet for labeling printed CUI materials. Required by CMMC Level 2 physical security controls.
Open
- PDF
CMMC 101 Brief
Introductory overview of the CMMC framework — the program's objectives, structure, and role in safeguarding CUI.
Open
- PDF
CMMC Level 2 Scoping Guide
Criteria for determining the scope of CMMC practices at Level 2 for systems and processes handling CUI.
Open
- PDF
CUI SSP Template
Official NIST System Security Plan template aligned to NIST SP 800-171 Rev. 2 — the foundation for CMMC documentation.
Open
- PDF
CMMC SPRS Submission Guide
How contractors submit their NIST SP 800-171 self-assessment scores to SPRS. Critical for DFARS 252.204-7012 compliance.
Open
- PDF
CMMC Assessment Process (CAP) v2.0
The Cyber AB's authoritative procedural guide for how C3PAOs and CCAs conduct CMMC Level 2 assessments.
Open
- Portal
SPRS Submission Portal
The DoD portal where contractors submit their NIST SP 800-171 self-assessment scores as part of DFARS 252.204-7012 compliance.
Open
Contact
Still not sure where to start? Talk to a CMMC RP.
Tell us where you are in your CMMC journey and we'll follow up within one business day.
Locations
Tucson / Phoenix, AZ
Minneapolis / St. Paul, MN
Fargo, ND
Phone
+1 (701) 630-7188