The library. Plain English. No marketing.
Every artifact here is written by a former assessor or CISO. We do not gate the substance. The truth about CMMC is freely available to anyone willing to read it.
CMMC 2.0 vs CMMC 1.0
What collapsed from five levels to three, what survived, and what every contractor needs to internalize. The plain-English read.
DFARS 252.204-7012: The 14 Obligations
Every obligation under DFARS 7012 — incident reporting, CUI safeguarding, flow-down — distilled into a one-page audit checklist.
SPRS Score Estimator
Ten questions. We compute the likely SPRS score range you would post today, and where the weight will deduct from.
Will I Fail? Self-Assessment
A confidential 7-minute self-assessment that tells you which of the 14 families is most likely to drop your engagement.
Building a CUI Enclave
GCC-High, hardened workstation, or full enclave? The architectural decision that defines your CMMC budget for three years.
POA&M Mechanics
Which controls are POA&M-eligible. What 180-day closure actually requires. How POA&Ms get a certificate revoked.
How much contract value is on the line?
A blunt estimate of dollars at risk if your CMMC posture costs you eligibility for the next solicitation. Numbers are illustrative; the audit packet is the real answer.
The figure assumes loss of the active contract plus expected awards in the next 24 months if you remain ineligible to bid on CUI-bearing work.
- Direct contract loss
- $8.00M
- Pipeline opportunity loss
- $5.33M
- Emergency re-audit and surge
- $145K
We’ll route this to the founder for a 15-minute triage call. No spam list, no automation.
The 5 Controls That Fail 80% of Contractors.
A six-page brief authored from inside dozens of C3PAO engagements. Gated behind a single email and CAGE code so we know which side of the supply chain we are speaking to.
We do not sell or share your data. The brief is sent once, from a partner’s address.