Cybersecurity Maturity Model Certification (CMMC)

SPRS is the location for vendors to certify CMMC Level 1 and Level 2 compliance and for the defense acquisition community to review.

“The CMMC Program is designed to enforce the protection of sensitive unclassified information shared by the Department with its contractors and subcontractors. The program provides the DoD with increased assurance that contractors and subcontractors are meeting the cybersecurity requirements for nonfederal systems processing controlled unclassified information.” https://dodcio.defense.gov/cmmc/About/

CMMC Supplemental Guidance:

View our CMMC Level 1 and Level 2 Quick Entry Guides below.

32 CFR Part 170, CMMC rule: https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certification-cmmc-program

Basic Safeguarding of Covered Contractor Information Systems: FAR clause 52.204–21

Supplemental guidance, including the CMMC Level 1 Scoping Guide, CMMC Level 1 Self-Assessment Guide, CMMC Level 2 Scoping Guide, and the CMMC Level 2 Assessment Guide can be found at: https://dodcio.defense.gov/CMMC/Documentation/

Questions related to technical interpretation of these CMMC documents may be directed to osd.pentagon.dod-cio.mbx.cmmc-inquiries@mail.mil . Do not submit questions requesting interpretation or modification of NIST source documents, which are outside the CMMC Program's purview.

Reference Materials

For commonly asked questions view the Cyber Reports FAQ page.


SPRS Access
Cyber Reports

SPRS Access Cyber Reports

CMMC
Quick Entry Guide
Level 1 (Self)

CMMC Quick Entry Guide

CMMC
Quick Entry Guide
Level 2 (Self)

CMMC Level 2 Self-Assessment Quick Entry Guide

CMMC Assessment
Viewing Guide
for Government

CMMC Assessment Viewing Guide

SPRS Cyber Reports
(CMMC & NIST)
Instructor Led Training

SPRS Online Training

Instructor Led

This training will provide step-by-step instructions for the SPRS Cyber Reports (CMMC & NIST). This training is intended for vendors and will cover entering, editing, affirming, and deleting records. Interpreting requirements and conducting the assessments will not be covered.

Watch
CMMC Level 2
Self-Assessment Tutorial

SPRS Online Training

Print Presentation       Transcript

This tutorial goes over entering, editing, and affirming the Cybersecurity Maturity Model Certification (CMMC) Level 2 Self-Assessment within SPRS.

Watch
CMMC Level 1
Entry Tutorial

CMMC Level 1 Entry Tutorial

Print Presentation       Transcript

This tutorial goes over entering, editing, and affirming the Cybersecurity Maturity Model Certification (CMMC) Assessment within SPRS.

Watch
Affirming Official
Tutorial for CMMC

SPRS Online Training

Print Presentation       Transcript

This tutorial is a step-by-step guide for Affirming Officials (AO) to affirm Cybersecurity Maturity Model Certification (CMMC) for all levels.

Tools for Responsible Awards Logo for Supplier Performance Risk System.