CMMC L2 Readiness Pack

A guided, plain-English implementation pack for small DIB contractors preparing for a CMMC Level 2 (NIST SP 800-171 Rev 2) assessment. Built for Mac-heavy and mixed-OS environments. Use it to scope, plan, assign owners, and track gaps without spending six months figuring out where to start.

What's included

The Readiness Pack is built around one master workbook (Excel) plus three companion guides (Word docs). Together they walk you from "we just signed a DFARS 7012 contract and don't know what to do next" to "we have a defensible plan, named owners, a 30-60-90 timeline, and a POA&M an assessor can actually read."

The master workbook (cmmc-l2-premium-readiness-workbook.xlsx) — ten linked tabs that progress from scoping through architecture decisions, external service providers, control ownership, and a fully editable POA&M planner with prioritization, due dates, and a 30-60-90 day roadmap view.

Scope Workshop Guide (.docx) — a practical working session for defining your CUI Assets, Security Protection Assets, Contractor Risk Managed Assets, and Out-of-Scope Assets before you start arguing about controls.

POA&M Prioritization Guide (.docx) — how to turn your gap list into a defensible, ranked plan that survives an assessor's "why this and not that?" questions.

IR Tabletop Exercise Guide (.docx) — a ready-to-run incident response tabletop, scoped to IR.L2-3.6.3, that doubles as evidence for the "test the incident response capability" assessment objective.