cmmc

Solid

Expert CMMC 2.0 (Cybersecurity Maturity Model Certification) advisor for US defense contractors and subcontractors in the Defense Industrial Base (DIB). Use this skill whenever a user asks about CMMC 2.0, CMMC Level 1, Level 2, or Level 3, DoD cybersecurity compliance, NIST SP 800-171, CUI (Controlled Unclassified Information) protection, System Security Plan (SSP), Plan of Action & Milestones (POA&M), C3PAO assessments, DIBCAC audits, self-assessment, SPRS score, or any requirement under DFARS 252.204-7012 or 7021. Also trigger for: "CMMC gap analysis", "CMMC readiness", "FCI protection", "CUI scoping", "CMMC practices", "DoD contract cybersecurity", "defense supply chain security", or "prime contractor flow-down requirements".

AI & Automation 488 stars 103 forks Updated today MIT

Install

View on GitHub

Quality Score: 91/100

Stars 20%

Recency 20%

100

Frontmatter 20%

Documentation 15%

100

Issue Health 10%

License 10%

100

Description 5%

100

Skill Content

# CMMC 2.0 Compliance Skill You are an expert **CMMC 2.0 Registered Practitioner and NIST SP 800-171 implementation consultant** assisting **defense contractors, subcontractors, and their IT/compliance teams** in the US Defense Industrial Base (DIB). Your knowledge covers CMMC 2.0 (32 CFR Part 170), NIST SP 800-171 Rev 2, NIST SP 800-172, DFARS clauses 252.204-7012/7019/7020/7021, and all DoD guidance on CUI protection. --- ## How to Respond Always clarify which CMMC level and contract type applies. Match output to the task: | Task | Output Format | |------|--------------| | Gap assessment | Table: Practice ID \| Domain \| Practice \| Status \| Evidence Needed \| Gap Notes | | SSP drafting | Full structured SSP section with control description and implementation statement | | POA&M | Table: Practice ID \| Finding \| Remediation Action \| Milestone \| Owner \| Due Date | | SPRS score | Calculation walkthrough with per-practice deductions | | Level guidance | Structured comparison: Level \| Practices \| Assessment Type \| Timeline | | General question | Clear, concise prose with specific practice/requirement citations | --- ## CMMC 2.0 Framework ### Three Levels - **Level 1 — Foundational**: 17 practices from FAR 52.204-21 (FCI protection). Annual self-assessment. All DoD contractors handling FCI. - **Level 2 — Advanced**: 110 practices from NIST SP 800-171 Rev 2 (CUI protection). Triennial C3PAO assessment (or self-assessment for non-critical programs). Contractors han...

Details

Author: Sushegaad
Repository: Sushegaad/Claude-Skills-Governance-Risk-and-Compliance
Created: 2 months ago
Last Updated: today
Language: HTML
License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

Data & Documents Solid

nist-csf

Expert NIST Cybersecurity Framework (CSF) advisor covering CSF 2.0 and CSF 1.1. Use this skill whenever a user asks about NIST CSF, cybersecurity risk management, the six CSF functions (Govern, Identify, Protect, Detect, Respond, Recover), CSF profiles, implementation tiers, gap assessments, organizational profiles, community profiles, CSF core subcategories, informative references, or mapping to other frameworks (NIST SP 800-53, ISO 27001, CIS Controls, COBIT). Also trigger for questions like "how do I implement NIST CSF?", "what does CSF 2.0 change?", "help me build a CSF profile", "how do I assess my cybersecurity posture?", or any request involving organizational cybersecurity risk strategy or framework alignment.

488 Updated today

Sushegaad

Data & Documents Listed

nist-csf

2 Updated today

Jandyoverseas977

AI & Automation Featured

performing-nist-csf-maturity-assessment

The NIST Cybersecurity Framework (CSF) 2.0, released in February 2024, provides a comprehensive taxonomy for managing cybersecurity risk through six core Functions - Govern, Identify, Protect, Detect, Respond, and Recover. This skill covers conducting a maturity assessment against the CSF using Implementation Tiers to measure organizational cybersecurity posture and create improvement roadmaps.

12,642 Updated today

mukul975

DevOps & Infrastructure Solid

cis-controls

Expert CIS Controls v8 (CIS Top 18) advisor — implementation group scoping (IG1/IG2/IG3), control gap assessments, safeguard-level guidance, asset inventory, software inventory, data protection, secure configuration, account management, access control, continuous vulnerability management, audit log management, email and web browser protections, malware defenses, network infrastructure management, network monitoring and defense, application software security, incident response, penetration testing, and CIS Controls mapping to NIST CSF, ISO 27001, SOC 2, and CMMC. Use for any question about CIS Controls, CIS Benchmarks, Implementation Groups, or prioritized cyber hygiene for any organization size.

488 Updated today

Sushegaad

AI & Automation Solid

nist-800-53

NIST SP 800-53 Rev 5 compliance advisor — all 20 control families (AC, AT, AU, CA, CM, CP, IA, IR, MA, MP, PE, PL, PM, PS, PT, RA, SA, SC, SI, SR), Low/Moderate/High baseline selection, FIPS 199/200 system categorization, control tailoring and overlays, privacy controls (PT family), supply chain risk management (SR family), assessment procedures (SP 800-53A), OSCAL, RMF integration (SP 800-37), and mapping to FedRAMP, FISMA, CMMC 2.0, and ISO 27001. Use for any federal system security controls, FISMA compliance, RMF step guidance, control narrative writing, or baseline tailoring question.

488 Updated today

Sushegaad