CMMC Awesomeness - Organization Size-Based Technology Solutions

There are a lot of shitty people out there who will want to claim this as their own original work and the thought of that doesn't sit well with us. Therefore, CMMC-COA uses the Creative Commons Attribution-NoDerivatives 4.0 licensing model so that we retain this awesome Intellectual Property (IP), but you still get to use it. Under Creative Commons licensing, you are free to share this information, including copying and redistributing the material in any medium or format for any purpose, even commercially. 


Per Creative Commons, the licensor cannot revoke these freedoms as long as you follow these license terms:

  • Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.

  • NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified material.

Creative Commons Licensing - CMMC Awesom

Just to reiterate, there is no endorsement of any kind for products or services listed on this website - It is entirely your responsibility to conduct appropriate due diligence and due care in selecting and engaging a product or service for implementation against CMMC practices and processes within your organization. Your responsibility, not ours! Yours!


As for what you get access to, we thought about doing something fancy with this website but we had better things to do with our time. What you can do is download version 2021.2 of the Microsoft Excel file below (click on the pretty pictures below) and you will have three (3) spreadsheets that are organized by:

  • Technology Solutions By CMMC Levels 1-5 Process and Practice (CMMC v1.02) [includes NIST 800-53 R5 mapping]

  • Technology Solutions By Category

  • NIST SP 800-171 DoD Assessment Methodology Worksheet [upgraded to CMMC & NIST SP 800-171A assessment criteria]

  • Mappings to the CMMC Kill Chain phases

  • Assignment of control ownership, execution, etc. for the 382 unique requirements as part of CMMC Level 3.

CMMC Center of Awesomeness - Technology
CMMC Center of Awesomeness - Technology

That's pretty much it - just a shit ton of very useful information for you to get compliant, so please do not bitch and complain that no one is providing any guidance on how to actually comply with CMMC practices and processes. If you do not know what to do with that information, reach out to a competent IT/cybersecurity consultant who can help you with your specific needs.

As for updates, we will update this list every so often... when we have nothing better to do in our day jobs, when we run across new tools that might be of interest or some other reason that would make us want to update the spreadsheets. It is in our interest to keep the spreadsheet updated, since we use these recommendations on a daily basis, so you have access to the awesomeness that we leverage for our own consulting needs. You're welcome, America! 

© 2021. CMMC Center of Awesomeness (CMMC-COA)

The operator of this website disclaims any liability whatsoever for the use of this delightfully entertaining and educational website. Use the CMMC-COA at your own risk. The CMMC-COA is not meant to be politically correct, so it is your profound mistake if you think it is meant to be.


If you have compliance questions, you really, really, really need to consult a competent cybersecurity professional to discuss your specific needs. This website is for educational purposes only and does not render professional services - it is not a substitute for dedicated professional services from a competent cybersecurity professional. There is no endorsement of any kind for products or services listed on this website - It is entirely your responsibility to conduct appropriate due diligence and due care in selecting and engaging with a product or service in your implementation of the CMMC practices and processes.

We do not warrant or guarantee that the information will not be offensive to any person. You are hereby put on notice that by accessing and using the website, you assume the risk that the information and documentation contained in the web site may be offensive and/or may not meet your needs and requirements. The entire risk as to the use of this website, or its contents, is assumed by you. If you don't like these terms, then tough shit - don't use the website or any of the content it provides... go do your own research and work, since it will be good for you.


​We reserve the right to refuse service in accordance with applicable statutory and regulatory parameters.

  • White LinkedIn Icon
  • White Facebook Icon
  • White Twitter Icon
  • White Google+ Icon