Overview
This tool lets you assess your environment against the actual controls that govern your federal work, track your progress, and see where your gaps are. It reads from the same 274-control database that powers Find My Requirements.
How It Works
1. Pick a framework — filter by FAR 52.204-21, NIST SP 800-171 Rev 3, CMMC 2.0, or another framework. 2. Work the controls — each item shows the control title, a plain-English description, the assessment question, the official citation, and a severity badge (critical, high, medium, low). 3. Track progress — check off what you've implemented; the tool flags the rest as gaps. 4. See your score — for the NIST 800-171 filter, watch a running SPRS-style score estimate as you go. 5. Export — generate a PDF of your results to feed into your SSP and POA&M.
A note on versions: DoD contracts under DFARS 252.204-7012 currently require NIST SP 800-171 Revision 2 (110 controls), even though Rev 3 is published. Assess against the version your contract references, and confirm in your solicitation.
What to Do With Your Results
Your gap list feeds directly into the next steps:
- Document gaps in a POA&M and prioritize by severity — see **Templates & Downloads**.
- Build the remediation plan with **Build a Compliance Program**.
- Post an honest summary score in SPRS for DoD work.
This tool provides general guidance only, not legal advice. Results are not a substitute for a formal assessment by a qualified professional or C3PAO.