CMMC 2.0

CMMC 2.0 Compliance Diagnostics for Defense Contractors

For defense contractors and C3PAOs — connected or air-gapped. Full Level 2 practice coverage. Bayesian diagnostics for all 110 practices across 14 domains.

Free resource: Run a CMMC tabletop exercise in 60 minutes →

110 CMMC Practices
14 Domains
1,000+ SCF Controls
94 MCP Tools

Mock assessment mode

Run full mock assessments against all 110 practices. SPRS scoring. POA&M generation. Client session management. War games at $50/session flat fee.

Consulting Partner — $99/assessor/mo →

Air-gapped deployment

CubeletCore runs in your environment. Two-container architecture, no Neo4j required for single-session use cases. Ed25519 signature-based activation. AWS Bedrock GovCloud as default for DIB clients.

CubeletCore License — Contact Sales →

Awareness & Training is where most organizations fail.

CMMC Level 2 requires that every person with access to CUI can demonstrate role-appropriate cybersecurity awareness and training — not just completion. Not a signature on a policy. Demonstrated capability. GRID42 is the only platform that maps Awareness & Training requirements to individual work roles, diagnoses the gaps, delivers the training, and issues a verifiable credential your C3PAO assessor can inspect before they arrive.

Run an AT diagnostic at app.cubelet.ai →

Work Role 612 · NICE DCWF · Sample pathway

AT Requirement | GRID42 Response
Role-based awareness training | Scaffold maps Work Role 612 judgment dimensions
Demonstrated capability (not completion) | BKT mastery threshold at 0.60 per dimension
Recurring training cadence | Continuous loop — HAS_GAP triggers new pathway
Evidence for assessor | W3C VC Passport — verifiable, not self-reported
Organization-level posture | Aggregate heat map across all work roles

NICE DCWF work role mappings available for all 52 Work Roles in the Cybersecurity domain. Learn about judgment pathways →

What is CMMC 2.0?
The Cybersecurity Maturity Model Certification is a DoD framework requiring defense contractors to demonstrate cybersecurity practices. Level 2 covers 110 practices across 14 domains for handling Controlled Unclassified Information (CUI).
What is the difference between Level 1 and Level 2?
Level 1 covers 15 basic practices for Federal Contract Information (FCI) with self-assessment. Level 2 covers 110 practices for CUI and requires a third-party C3PAO assessment.
Can this run in an air-gapped environment?
Yes. CubeletCore deploys as a two-container architecture with no external dependencies. Ed25519 signature-based activation. AWS Bedrock GovCloud is the default for DIB clients.
How does GRID42 work with C3PAOs?
We provide mock assessment mode so assessors can run full practice-by-practice diagnostics with their clients. SPRS scoring, POA&M generation, and client session management included.
What is a Bayesian diagnostic?
Unlike binary pass/fail tests, Bayesian Knowledge Tracing continuously updates its estimate of your competency with every response. It identifies specific practice gaps, not just aggregate scores.
How does GRID42 address CMMC Awareness & Training (AT) domain requirements?
GRID42 maps CMMC AT requirements to individual work roles using the NICE DCWF framework. The Scaffold diagnostic measures role-appropriate judgment capability — not just training completion. When a gap is found, Pursuit delivers targeted cubelet training. The Passport issues a W3C Verifiable Credential your C3PAO assessor can independently verify. This closes the gap between "they completed AT training" and "they demonstrated AT capability."

CMMC assessment scheduled?

The only CMMC judgment engine that runs as an MCP tool inside your AI workflow. Connected or air-gapped.

Configure your CMMC infrastructure →