
CMMC Awesomeness - Organization Size-Based Technology Solutions

There are a lot of shitty people out there who will want to claim this as their own original work and the thought of that doesn't sit well with us. Therefore, CMMC-COA uses the Creative Commons Attribution-NoDerivatives 4.0 licensing model so that we retain this awesome Intellectual Property (IP), but you still get to use it. Under Creative Commons licensing, you are free to share this information, including copying and redistributing the material in any medium or format for any purpose, even commercially. 


Per Creative Commons, the licensor cannot revoke these freedoms as long as you follow these license terms:

  • Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.

  • NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified material.


Just to reiterate, there is no endorsement of any kind for products or services listed on this website. It is entirely your responsibility to conduct appropriate due diligence and due care in selecting and engaging a product or service for implementation against CMMC practices and processes within your organization. Your responsibility, not ours! Yours!


As for what you get access to, we thought about doing something fancy with this website but we had better things to do with our time. What you can do is download version 2023.5 of the Microsoft Excel file below (click on the pretty pictures below) and you will have access to some pretty cool shit that includes:

  • CMMC v2.0 levels (just Levels 1 & 2 until the DoD CIO publishes what Level 3 actually is) 

  • CMMC Controls Applicability Matrix (CAM)

  • NIST 800-171A Assessment Objectives (AOs) details

  • Technology Solutions By CMMC Levels 1-2 using CMMC v2.0 control numbers [includes Evidence Request List & more]

  • Technology Solutions By Category

  • Shared Responsibility Matrix

  • NIST SP 800-171 DoD Assessment Methodology Worksheet [upgraded to CMMC & NIST SP 800-171A assessment criteria]

  • Mappings to the CMMC Kill Chain phases

  • Assignment of control ownership, execution, etc. for the requirements as part of CMMC Level 2 

  • Evidence Request List (ERL) - likely artifacts you will need for a Level 2 CMMC assessment

  • Objective Evidence (OE) suggestions for each practice & process (you're welcome, America!)


That's pretty much it - just a shit ton of very useful information for you to get compliant, so please do not bitch and complain that no one is providing any guidance on how to actually comply with CMMC practices and processes. If you do not know what to do with that information, reach out to a competent IT/cybersecurity consultant who can help you with your specific needs.

As for updates, we will update this list every so often... when we have nothing better to do in our day jobs, when we run across new tools that might be of interest, or for some other reason that would make us want to update the spreadsheets. It is in our interest to keep the spreadsheet updated, since we use these recommendations on a daily basis, so you have access to the awesomeness that we leverage for our own consulting needs. You're welcome, America!
