Assessment Package
Also known as: Pre-assessment package · C3PAO deliverable
The complete set of documentation and evidence a contractor delivers to a C3PAO before a CMMC Level 2 assessment. The starting artifact of the assessment process.
The assessment package is the complete bundle of documentation and evidence that an Organization Seeking Certification (OSC) delivers to its C3PAO before the on-site (or virtual) portion of a CMMC Level 2 assessment begins. The C3PAO uses the package to scope the assessment, prepare interview questions, identify evidence gaps, and plan the on-site visit.
A complete assessment package typically includes: the System Security Plan (SSP), the network and data flow diagrams, the asset inventory categorized by IS / SPA / CRMA / OOS, the shared responsibility matrix for every external service provider touching CUI, all open POA&M items with milestones and owners, the evidence index keyed to assessment objectives, training records, the incident response plan and recent tabletop artifacts, the prior self-assessment results, and the SPRS score and affirmation history.
The quality of the assessment package is the strongest signal a C3PAO has about the maturity of the contractor's program. A clean, organized package leads to a faster, smoother assessment. A scattered package leads to more findings and more billable hours.
CMMCDocs.com