What frameworks are covered?

CMMC Level 2, NIST 800-171, SOC 2, and FedRAMP readiness indicators, plus AI governance alignment.

Is this a formal assessment?

No. This is a directional pre-assessment to guide remediation prioritization before engaging an assessor or auditor.

How is the score calculated?

Each dimension is scored 1 (ad hoc) to 5 (optimized). Composite percent = sum of scores divided by maximum possible (30).

TOOL · COMPLIANCE READINESS · 12 MIN

Map your controls to a defensible posture.

Score six readiness dimensions against CMMC L2, NIST 800-171, SOC 2, and FedRAMP. Directional baseline only — outputs prioritize where to invest before a formal assessment.

THE SCORECARD

Six dimensions. One composite.

DIMENSIONS · SCORE 1—5

Control ownership
Named owners with SLAs for each control family.
Evidence automation
Programmatic generation of recurring audit artifacts.
Risk register
Living register with mitigation owners and dates.
Policy maturity
Documented, reviewed, version-controlled policy set.
SecOps tempo
Detection, response, and forensics readiness.
Governance cadence
Recurring control review and risk forum.

SCALE

· 1 = Ad hoc
· 2 = Reactive
· 3 = Standardized
· 4 = Measured
· 5 = Optimized

SCORE

COMPOSITE

FOUNDATIONAL

DIMENSIONS SCORED: 0 / 6
RAW SCORE: 0 / 30

Baseline first: control inventory, ownership, and an evidence repository before any framework filing.

OTHER TOOLS

Adjacent calculators.

AI READINESS

AI Readiness Calculator

Score data, talent, governance, infrastructure, culture, and process. 5 minutes.

COPILOT ROI

Copilot ROI Estimator

Year-one net economic impact of a GitHub Copilot enterprise rollout. 4 minutes.

NEXT STEP

Want a formal assessment?

We run gap analyses against CMMC, NIST 800-171, FedRAMP, and SOC 2 with evidence-pack automation.