Cybersecurity compliance is no longer optional. Let's make sure you're ready.
The InfoPathways CMMC Readiness Assessment gives executives and business owners a clear picture of where their organization stands today and what it will take to achieve CMMC compliance. You'll receive a readiness score, personalized gap recommendations, and a domain-by-domain breakdown covering access control, incident response, data protection, and more.
CMMC Readiness Assessment
This assessment will evaluate your organization's cybersecurity practices across multiple control areas based on NIST 800-171 standards.
You will be asked a series of questions. At the end, you will receive a score and a detailed summary.
Estimated time: 10-15 minutes
Access Control (AC)
1. Does your organization have systems in place to ensure only authorized users, devices, and processes can access your network, and can you revoke that access when necessary?
2. Does your organization limit what specific actions users can perform, based on their job role?
3. Does your organization have controls in place to ensure CUI (Controlled Unclassified Information) is only shared with people who are authorized to see it?
4. Does your organization actively watch and control who accesses your network remotely, and do you use encryption to protect that connection?
5. Does your organization require permission/authorization before allowing someone to connect to your wireless network?
Awareness & Training (AT)
6. Does your organization ensure personnel are made aware of security risks and applicable policies through regular IT & Cybersecurity training?
7. Does your organization provide role-specific training to staff regarding their assigned information security duties?
Audit & Accountability (AU)
8. Does your organization create and retain audit logs for all significant events, protect them from tampering, and keep them available for security monitoring and incident investigation?
9. Can the actions of individual users within your organization's IT systems be uniquely identified and traced?
Configuration Management (CM)
10. Does your organization have documented standard configurations for all your systems, and do you keep an up-to-date list of everything you have?
11. Does your organization establish and enforce security configuration settings based on organizational policies and security benchmarks?
12. Does your organization track, review, and control all changes to systems through a change management process?
Identification & Authentication (IA)
13. Does your organization require unique identification for all users, automated processes, and devices before allowing them to access your systems?
14. Does your organization require MFA (two or more verification methods) for privileged accounts (Administrators, Security Analysts, etc.)?
15. Does your organization have documented, formal processes for creating, managing, and removing login credentials?
Incident Response (IR)
16. Does your organization have a formal, documented plan and specific people assigned to handle security incidents when they occur?
17. When a security incident occurs, does your organization keep records of it and inform the appropriate officials in a timely manner?
Maintenance (MA)
18. Does your organization use documented, scheduled, and approved processes for performing system maintenance?
19. Does your organization control which tools can be used, which methods are approved, and who is allowed to perform maintenance?
20. Does your organization ensure external personnel, such as contractors and vendors, are vetted before they are allowed to access internal IT systems?
Media Protection (MP)
21. Does your organization protect media (drives, documents, etc.) that contain CUI and limit who can access it?
22. Before you throw away, sell, or reuse any storage device (USB drive, hard drive, computer, etc.), does your organization ensure that all data is permanently erased, or the device is destroyed?
Personnel Security (PS)
23. Does your organization screen individuals with background checks and qualification verification prior to authorizing access to CUI?
24. When employees leave or change roles, does your organization take steps to protect systems such as removing access, disabling accounts, and collecting company devices?
Physical Protection (PE)
25. Does your organization restrict physical access to buildings, rooms, and equipment so only authorized people can enter or use them?
26. Does your organization monitor physical access with cameras, visitor logs, and the supervision of guests within the facility?
Risk Assessment (RA)
27. Does your organization perform periodic risk assessments of operations and assets that identify threats, vulnerabilities, and potential impacts?
28. Does your organization regularly scan for security weaknesses and fix them in a timely manner?
Security Assessment (CA)
29. Does your organization regularly test and verify that your security controls are working correctly?
30. When security weaknesses are identified, does your organization create and maintain a plan to fix them with assigned responsibilities and timelines?
System & Communications Protection (SC)
31. Does your organization monitor, control, and protect the data flowing in and out of your network?
32. Does your organization separate your network so that public-facing systems (like websites) are isolated from your sensitive internal systems?
33. When CUI (sensitive information) is being sent over a network, does your organization encrypt it so it can't be intercepted and read by unauthorized people?
System & Information Integrity (SI)
34. When security weaknesses are discovered in your software or systems, does your organization identify them, report them to the right people, and fix them promptly?
35. Does your organization utilize regularly updated antivirus software so it can detect the latest cyberthreats?
36. Does your organization actively monitor security alerts from various sources and respond to them when needed?