Complete CMMC Level 2 Documentation Package
The Professional-Grade Compliance Framework
Built by Austin McGuire, a Former NSA Technical Director
All 110 NIST SP 800-171 Controls Covered
Price - $4,997
One-Time Payment
30-Day Money-Back Guarantee
What You Get: Everything You Need for CMMC Level 2 Compliance
19 Information Security Policies
Complete coverage of all 14 NIST control families:
- Access Control (AC)
- Awareness and Training (AT)
- Audit and Accountability (AU)
- Configuration Management (CM)
- Identification and Authentication (IA)
- Incident Response (IR)
- Maintenance (MA)
- Media Protection (MP)
- Personnel Security (PS)
- Physical Protection (PE)
- Risk Assessment (RA)
- Security Assessment (CA)
- System and Communications Protection (SC)
- System and Information Integrity (SI)
Every policy includes:
- Control mappings to NIST SP 800-171
- Roles and responsibilities
- Evidence collection criteria
- Evaluation methods
147 Reference Document Templates
The documentation your C3PAO assessor actually wants to see:
Tracking and Evidence:
- Evidence Register (REF-EV-01)
- Control Implementation Matrix (REF-CM-01)
- POA&M (REF-PO-01)
Operational Logs:
- Access Request Logs
- Patch Management Tracking
- Incident Response Records
- Training Completion Logs
- Risk Registers
- Vendor Risk Assessments
- System Inventory Tracking
- Change Management Logs
- And 40+ more...
Available in 3 formats:
- Markdown (.md)
- Microsoft Word (.docx)
- Excel (.xlsx)
2 System Security Plan (SSP) Templates
Choose the right template for your environment:
- SSP Master Template
- Cloud/Hybrid SSP Shell
Both include:
- Pre-mapped control families
- Evidence attachment structure
- Assessment readiness formatting
Executive Compliance Dashboard
Track your compliance progress in real time with a professional Power BI dashboard:
- POA&M progress tracking
- Control implementation percentage
- Risk scoring visualization
- Executive-ready reporting
Includes:
- Sample data and setup guide
- Connects to your Excel tracking sheets
- Fully customizable with your company branding
Automation Script
Batch-update company information across ALL documents in seconds:
- Replace [CLIENT_NAME] with your company name
- Update executive sponsor names
- Set effective dates
- Automated backup before changes
- Saves hours of manual find-and-replace
Comprehensive Implementation Guide
A comprehensive README that walks you through:
- Quick start guide
- Complete file inventory with explanations
- Month-by-month implementation roadmap (6-12 months)
- Deep dive on all 14 control families
- Common workflows (onboarding, incidents, patching, etc.)
- Audit preparation checklist
- Troubleshooting and FAQs
- Tool recommendations with pricing
- Official CMMC resources
Additional Premium Add-Ons
68 advanced tools and guides that transform documentation into assessment-ready operational capability:
C3PAO Assessment Cheat Sheets (19 PDFs)
Know exactly what assessors look for before they arrive.
14 Control Family Cheat Sheets:
- Access Control (AC)
- Awareness & Training (AT)
- Audit & Accountability (AU)
- Configuration Management (CM)
- Identification & Authentication (IA)
- Incident Response (IR)
- Maintenance (MA)
- Media Protection (MP)
- Personnel Security (PS)
- Physical Protection (PE)
- Risk Assessment (RA)
- Security Assessment (CA)
- System & Communications Protection (SC)
- System & Information Integrity (SI)
Plus 5 Assessment Preparation Guides:
- CMMC Level 2 Assessment Overview
- Common Assessment Findings (top 20 failure reasons)
- Evidence Collection Checklist
- Interview Preparation Guide
- Technical Testing Guide
Each cheat sheet reveals:
- Exact questions assessors will ask during interviews
- Evidence they'll request
- Technical tests they'll perform
- Common reasons organizations fail
- How to fix issues before assessment
Technical Implementation Guides (5 PDFs)
Step-by-step instructions with screenshots, commands, and configurations:
- MFA Implementation Guide - Duo, Microsoft, Okta, Google comparisons + setup
- Encryption Implementation Guide - Data-at-rest & data-in-transit
- SIEM/Log Monitoring Guide - Centralized logging architecture
- Endpoint Security Guide - EDR/XDR deployment procedures
- Network Segmentation Guide - VLAN/firewall configurations
Evidence Collection Playbook (1 PDF, 50+ pages)
The master checklist for C3PAO assessment preparation:
- Complete evidence requirements for all 110 NIST controls
- Folder structure recommendations
- Format requirements (PDF, Excel, screenshots)
- How to redact sensitive information
- Evidence narrative templates
- Sample evidence package table of contents
- Tips for hard-to-collect evidence (cloud, third parties)
Incident Response Playbooks (5 PDFs)
Step-by-step procedures for real security incidents:
- Ransomware Response Playbook
- Data Breach Response Playbook
- Phishing Response Playbook
- Insider Threat Response Playbook
- DDoS Response Playbook
Each includes:
- Detection indicators
- Immediate response (first 15 minutes)
- Containment procedures
- DFARS reporting requirements
- Communication templates (internal, customer, DoD)
Assessment Tools (4 Files: 2 Excel + 2 PDF Guides)
Know your compliance score before paying for C3PAO assessment.
CMMC Level 2 Self-Assessment Tool:
- Interactive Excel workbook covering all 110 controls
- Score tracking: Met / Partially Met / Not Met / Not Applicable
- Automatic compliance percentage calculation
- Breakdown by control family
- Gap analysis reporting
- Quarterly progress tracking
SPRS Score Calculator:
- Calculate Supplier Performance Risk System (SPRS) score
- Required for SAM.gov registration
- Score range: -203 to +110
- DoD contractor risk evaluation
- Submission guidance
POAM Templates (15 PDFs)
Pre-written Plans of Action & Milestones for common gaps:
Templates include:
- MFA Not Implemented
- Encryption Not Implemented
- Logging Insufficient
- Patching Behind Schedule
- Training Overdue
- Access Reviews Not Performed
- Incident Response Plan Not Tested
- Vulnerability Scanning Not Performed
- Configuration Management Weak
- Physical Security Inadequate
- ...and 5 more
Each template includes:
- Pre-written problem description
- Affected NIST controls
- Recommended remediation steps
- Estimated timeline and cost
- Risk assessment
- Compensating controls
Vendor Assessment Questionnaires (4 PDFs)
Third-party risk assessment tools (required by NIST 800-171):
- Standard Vendor Security Assessment (50 questions)
- CUI-Handling Vendor Assessment (75 questions)
- Cloud Service Provider Assessment (SaaS/IaaS specific)
- MSP Assessment Questionnaire (Managed Service Providers)
Additional Resources (5 PDFs)
Strategic guides for the full compliance journey:
- CMMC Ecosystem Guide - Understanding C3PAOs, RPOs, CMMC-AB
- MSP Selection Guide - Choosing CMMC-capable managed service providers
- Budget Planning Guide - Total cost estimates ($50K-$200K typical)
- Contract Language Guide - DFARS clauses and flow-down requirements
- Certification Maintenance Guide - Staying compliant post-certification
Who This Package Is For (And Who It's Not For)
Perfect For
- Small to medium defense contractors
- Companies with an MSP or IT team
- Organizations avoiding $50K+ consulting fees
- Contractors using tools like PreVeil
Not For
- Organizations expecting implementation services
- Companies needing system configuration
- Enterprises needing hands-on compliance management
How Long Does Implementation Take?
Phase 1 (Weeks 1-4)
- Replace placeholders
- Identify gaps
- Prioritize controls
Phase 2 (Months 2-6)
- Configure access controls
- Deploy logging and monitoring
- Implement security tools
- Train staff
Phase 3 (Month 7)
- Self-assessment
- Collect evidence
- Document findings
Phase 4 (Month 8)
- Review documentation
- Practice C3PAO interview
- Final evidence collection
Phase 5 (Month 9)
- Schedule assessment
- Pass with zero findings
Get the Complete Package Today
Price - $4,997
One-Time Payment | Instant Download
What's Included Summary
- 19 Security Policies
- 147 Templates
- 2 SSP Templates
- Executive Dashboards
- Full Implementation Guide
- All 240+ Files
- Email Support
- 30-Day Guarantee
30-Day Money-Back Guarantee
Not satisfied? Full refund within 30 days.
Email to request a refund
austin.mcguire@keystonecommand.com
Frequently Asked Questions
Q1: Can I customize these templates?
Yes! These are meant to be tailored to your specific environment and operations. The templates use placeholders like [CLIENT_NAME] that you replace with your company information.
Q2: Do I still need a consultant?
Not necessarily. This package provides all documentation frameworks. Many organizations use consultants for technical implementation guidance and C3PAO liaison, but the documentation framework is complete. If you have an internal IT team or MSP, they can implement the controls using these templates.
Q3: What software do I need?
Text editor (free), Microsoft Word or LibreOffice (for .docx files), Excel or Google Sheets (for .xlsx files). Power BI Desktop (free) is optional for the interactive dashboard.
Q4: Will this work for NIST 800-171 compliance (non-DoD)?
Yes! CMMC Level 2 is based on NIST 800-171. This package works for any organization implementing these 110 controls, whether you need CMMC certification or just NIST 800-171 compliance.
Q5: How long does implementation take?
Typical timeline: 6-12 months. Phase 1 (Weeks 1-4): Customize documentation, identify gaps. Phase 2 (Months 2-6): Implement technical controls. Phase 3 (Month 7): Test and validate. Phase 4 (Month 8): Audit prep. Phase 5 (Month 9): C3PAO assessment. Detailed month-by-month implementation roadmap included in package.
Q6: What if I need help?
Email support included. Contact austin.mcguire@keystonecommand.com for questions about the documentation package. For technical implementation assistance, we can recommend MSPs and consultants who specialize in CMMC compliance.