baref00t.io

// compliance / cmmc

CMMC Level 1 & 2 Readiness Assessment

US

CMMC 2.0 | US

Prepare for Cybersecurity Maturity Model Certification. Required for all US Department of Defense contractors handling FCI or CUI. CMMC 2.0 final rule effective December 2024.

One-off
$399

Single report, no commitment.

Monthly
$199/month

Continuous monitoring — fresh report every 30 days.

Available in AUD, USD, GBP, EUR, SGD. MSP partners get volume discounts via the partner programme.

What it scores

CMMC1

Level 1

17 practices (FCI protection) — ~50% automated

CMMC2

Level 2

110 practices mapping to NIST SP 800-171 Rev 2

CMMC3

14 domains

Access Control, Audit, Config Mgmt, Incident Response + more

CMMC4

Automated checks on identity, authentication, logging, and endpoints

CMMC5

SSP/POA&M evidence mapping for audit preparation

CMMC6

Gap-to-certification roadmap with priority scoring

Microsoft APIs

  • Microsoft Graph (universal scopes, read-only across the tenant)
  • Azure REST (when the product reads Azure subscription posture)
  • Defender + Intune APIs where applicable

Customer prerequisites

  • Microsoft 365 tenant with admin-consent capability
  • Global Reader or equivalent for the consenting admin
  • No agent installs, no infrastructure changes required
  • Report delivered by email within 10 minutes of consent

Other Compliance

e8
Essential Eight ML1, ML2 & ML3 Assessment

Assess your compliance with the ACSC Essential Eight Maturity Model. Mandatory for Australian Government entities under

mcsb
Cloud Security Benchmark v2 Assessment

Assess your Azure and Microsoft 365 environment against the Microsoft Cloud Security Benchmark v2 — 14 control domains c

cism365
CIS Microsoft 365 Benchmark Assessment

Assess your Microsoft 365 tenant against the CIS Benchmark — the industry-standard security configuration guide recognis

See all Compliance Assessments