All Tools

CMMC / CPCSC Self-Assessment

Rate your organization against representative NIST SP 800-171 practice families, the shared foundation of both the US CMMC and Canada's CPCSC. Get a readiness band, your biggest gaps, and how CPCSC Level 1 and CMMC compare.

0%
Your biggest gaps
    CPCSC Level 1

    Canada's Program for Cyber Security Certification. Level 1 is aligned to the ITSP.10.171 requirements, Canada's adaptation of NIST SP 800-171, for safeguarding protected information in the defence supply chain.

    CMMC

    The US DoD Cybersecurity Maturity Model Certification. Its Level 2 aligns to the 110 security requirements of NIST SP 800-171, assessed against the same practice families you rated above.

    This is a directional readiness read, not a certification or an official score. The items below sample the 14 NIST SP 800-171 practice families that underpin both CMMC and CPCSC. A real assessment evaluates every applicable security requirement against your implemented controls and evidence. CPCSC Level 1 is aligned to the ITSP.10.171 requirements (Canada's adaptation of NIST SP 800-171), and CMMC Level 2 aligns to the 110 requirements of NIST SP 800-171. Higher levels involve a third-party assessment. Use this to prioritize, then validate with a formal readiness assessment.

    Questions

    What is the difference between CMMC and CPCSC?

    CMMC is the United States Department of Defense Cybersecurity Maturity Model Certification program. CPCSC is the Canadian Program for Cyber Security Certification, Canada's equivalent for its defence supply chain. Both build on the security requirements in NIST SP 800-171, so the underlying practices are largely shared.

    What does CPCSC Level 1 require?

    CPCSC Level 1 is aligned to the ITSP.10.171 requirements, which are Canada's adaptation of NIST SP 800-171. It focuses on the safeguarding of protected information through the same families of practices, such as access control, identification and authentication, and system and information integrity.

    How many practice families does NIST SP 800-171 have?

    NIST SP 800-171 organizes its security requirements into 14 families, including Access Control, Awareness and Training, Audit and Accountability, Configuration Management, Identification and Authentication, Incident Response, and System and Information Integrity, among others. This tool samples representative families so you can gauge readiness quickly.

    Is this a certification or an official score?

    No. This is a directional self-assessment. Certification is granted through the applicable program's assessment process, which for higher levels involves a third-party assessor. Use this to prioritize before that assessment.

    Is this tool free?

    Yes, it is free with no signup and nothing you rate is sent anywhere. If you want help implementing the practices and preparing for a CMMC or CPCSC assessment, our team runs the readiness process.

    Not ready for a call yet?

    Get the compliance playbook

    A few short notes from Jacob on meeting NIST SP 800-171 for CMMC and CPCSC. No fluff, unsubscribe in one click. Reply anytime; it reaches him directly.

    From Jacob Masse, founder of traztech. No spam, unsubscribe in one click.

    Want it done for you?

    CPCSC Level 1 Readiness

    We implement the NIST SP 800-171 practices and prepare you for assessment.

    Explore CPCSC Level 1 Readiness →

    Bidding on defence work?

    We implement the NIST SP 800-171 practices, build your System Security Plan and POA&M, and prepare you for a CMMC or CPCSC assessment. Turn this readiness snapshot into a plan.

    See CPCSC Level 1 Readiness Book a call