IRONGATE RISK PARTNERS - BUSINESS -
More Tools
Free Tool

CMMC Level 2 Gap Analysis Tool

Gap analysis tool covering all 110 NIST SP 800-171 Rev 2 controls required for CMMC Level 2 certification. Built for defense contractors preparing for C3PAO assessment. No signup, no install, no data leaves your browser.

This is a free, browser-based gap analysis tool. Looking for full compliance management? Our Pro Assessment Tool adds SPRS scoring, POA&M management, evidence tracking, and executive reporting — all in your browser.

Launch Tool View All Resources

Need More?

Free Tool vs. Professional Toolkit

The free tool is a browser-based gap analysis. The Professional Toolkit is an Excel workbook built for C3PAO assessment preparation.

Feature Free Tool Professional
All 110 controls across 14 families
Basic SPRS scoring
Evidence notes per control
Save progress & export to CSV
Automated SPRS scoring with point values
POA&M management with milestones
Evidence tracker with control ownership
Family-level gap analysis dashboard
C3PAO readiness indicators
Executive dashboard with charts
Upgrade to Pro — $369

Or get all tools: Complete Assessment Suite — $1,299

What's Included

Everything You Need

All 110 Controls

Complete coverage of NIST SP 800-171 Rev 2 controls across all 14 security families required for CMMC Level 2.

SPRS Scoring

Weighted point values per control with automatic calculation against the 110-point maximum and 88-point certification threshold.

POA&M Tracking

Plan of Action & Milestones tracking for controls not yet fully implemented.

Evidence Documentation

Attach notes and evidence references to each control for C3PAO assessment readiness.

Save & Export

Save progress as JSON to continue later. Export to CSV for reporting and SSP documentation.

Works Offline

Runs entirely in your browser. No server connection — CUI-safe for preliminary assessments.

Methodology

CMMC Level 2 Scoring

CMMC Level 2 requires implementation of all 110 NIST SP 800-171 Rev 2 controls. The Supplier Performance Risk System (SPRS) uses weighted point values.

ScoreStatusDescription
110MetControl is fully implemented and operational
88+ConditionalMinimum threshold for certification with POA&Ms
< 88Not MetBelow certification threshold — remediation required
0Not AssessedControl has not been evaluated

Getting Started

How to Use This Tool

  1. Launch the tool

    Click "Launch Tool" above. Everything runs in your browser — no CUI data is transmitted.

  2. Select a security family

    Start with any of the 14 NIST SP 800-171 security families.

  3. Assess each control

    Mark implementation status for each of the 110 controls.

  4. Review SPRS score

    Check your weighted score against the 88-point certification threshold.

  5. Track POA&Ms

    Document plans of action for controls not yet fully implemented.

  6. Save and export

    Save as JSON to continue later, or export to CSV for SSP documentation.

Free Assessment Tools

More from IRONGATE

NIST CSF 2.0 Assessment Tool SOC 2 Readiness Checklist FedRAMP Low Baseline Assessment Risk Register Risk Management Risk Treatment Remediation Tracking Crosswalk Framework Mapping TPRM Vendor Assessment Policy Package 5 Policies + Tracker