CyberRookCyberRook

Phased Implementation of CMMC Requirements Has Begun!

CMMC Phase 1 Implementation (Nov 10, 2025 – Nov 9, 2026) to focus primarily on CMMC Level 1 and Level 2 self-assessments  · Reminder to submit AFFIRMATIONS with your CMMC assessments in SPRS

CMMC 2.0 Readiness Platform

From Chaos to CMMC Ready

A self-assessment platform for defense contractors to track, manage, and prove their cybersecurity readiness — for Level 1 and Level 2.

Get Started

Track Every Control

Step through all 15 L1 or 110 L2 practices. Mark each as Met, Not Met, or N/A and watch your score update in real time.

Upload Evidence

Attach policy documents, screenshots, and audit artifacts directly to each control. Organized by domain, private to your company.

Generate Reports

Produce audit-ready PDF reports with your compliance summary, practice checklist, domain performance, and attestation footer.

Frequently Asked Questions

Quick answers about CMMC and the CyberRook Evidence Management Platform

What is CMMC 2.0?
CMMC 2.0 (Cybersecurity Maturity Model Certification) is a unified cybersecurity standard developed by the U.S. Department of Defense for companies in the Defense Industrial Base. It replaces the original CMMC model with a streamlined structure.
Who needs CMMC certification?
Any organization that handles Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) as part of DoD contracts — including prime contractors, subcontractors, and suppliers — must meet the applicable CMMC level requirements.
What is the difference between Level 1 and Level 2?
Level 1 (Foundational) covers 15 basic cybersecurity practices for protecting FCI and allows annual self-assessment. Level 2 (Advanced) covers 110 practices aligned with NIST SP 800-171 for protecting CUI and typically requires a third-party assessment.
Is CyberRook a certification authority?
No. CyberRook is a self-assessment and readiness platform that helps defense contractors track their compliance posture, manage evidence, and generate audit-ready reports. Actual CMMC certification is issued by authorized C3PAOs (third-party assessment organizations).
How is my company's data kept private?
Each company account is fully isolated. Your compliance data, uploaded evidence, and team information are never shared with or visible to other organizations using the platform.

Get in Touch

Have questions about CMMC compliance? We're here to help.