Slash Command

/assess

Assesses CMMC v2.0 readiness for target level (1-3) with optional scope, producing compliance score, domain gaps, practice status, C3PAO preparation, and remediation roadmap.

security

Install

npx claudepluginhub grcengclub/claude-grc-engineering --plugin cmmc

Prompt Preview

# CMMC Assessment

Evaluates organizational readiness for Cybersecurity Maturity Model Certification (CMMC) v2.0.

## Arguments
- `$1` - Target CMMC level (required: 1, 2, or 3)
- `$2` - Assessment scope (optional: full, gap-analysis, specific-domain)

## CMMC Levels

| Level | Name | Description | Requirements |
|-------|------|-------------|--------------|
| 1 | Foundational | Basic cyber hygiene | Annual self-assessment, 17 practices |
| 2 | Advanced | Intermediate cyber hygiene | Triennial 3rd party assessment (C3PAO), 110 practices |
| 3 | Expert | Advanced/progressive cybersecurity | ...

Command Content

Other plugins with /assess

/assess

Assesses code, designs, or approaches across dimensions like correctness, maintainability, security, performance; rates 0-10 with pros/cons and recommendations.

AskUserQuestionReadGrep+8

ork

133

/assess

Assesses a local repo against a wiki's research and market landscape, producing gap analysis, opportunities, and competitive insights.

ReadWriteEdit+10

wiki

/assess

Assesses HITRUST CSF readiness for specified type (i1, r2, e1) and optional scope, producing readiness score, domain breakdowns, gap analysis, and remediation roadmap.

hitrust

/assess

Assesses CIS Controls v8 compliance for specified Implementation Group (IG1/IG2/IG3), with optional full, gap-analysis, or specific-control scope.

cis-controls

/assess

Assesses US ITAR and EAR export controls compliance readiness across 7 controls each plus jurisdiction determination. Supports itar/ear/both scopes and quick/detailed depths.

us-export

/assess

Assesses IRAP compliance readiness for Australian government cloud services based on ISM and Essential Eight, evaluating maturity levels for specified classification (official, protected, secret).

irap

Stats

Parent Repo Stars21

Parent Repo Forks4

Last CommitApr 13, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

# CMMC Assessment Evaluates organizational readiness for Cybersecurity Maturity Model Certification (CMMC) v2.0. ## Arguments - `$1` - Target CMMC level (required: 1, 2, or 3) - `$2` - Assessment scope (optional: full, gap-analysis, specific-domain) ## CMMC Levels | Level | Name | Description | Requirements | |-------|------|-------------|--------------| | 1 | Foundational | Basic cyber hygiene | Annual self-assessment, 17 practices | | 2 | Advanced | Intermediate cyber hygiene | Triennial 3rd party assessment (C3PAO), 110 practices | | 3 | Expert | Advanced/progressive cybersecurity | ...

CMMC Assessment

Evaluates organizational readiness for Cybersecurity Maturity Model Certification (CMMC) v2.0.

Arguments

$1 - Target CMMC level (required: 1, 2, or 3)

$2 - Assessment scope (optional: full, gap-analysis, specific-domain)

CMMC Levels

Level

Name

Description

Requirements

Foundational

Basic cyber hygiene

Annual self-assessment, 17 practices

Advanced

Intermediate cyber hygiene

Triennial 3rd party assessment (C3PAO), 110 practices

Expert

Advanced/progressive cybersecurity

Triennial Govt-led assessment, 110+ practices

Assessment Output

Readiness Score: Overall compliance percentage by level

Domain Gaps: Which of the 14 domains need attention

Access Control (AC)
Asset Management (AM)
Audit and Accountability (AU)
Awareness and Training (AT)
Configuration Management (CM)
Identification and Authentication (IA)
Incident Response (IR)
Maintenance (MA)
Media Protection (MP)
Personnel Security (PS)
Physical Protection (PE)
Recovery (RE)
Risk Management (RM)
Security Assessment (CA)
Situational Awareness (SA)
System and Communications Protection (SC)
System and Information Integrity (SI)

Practice Implementation Status: Per-practice compliance

C3PAO Preparation: Readiness for third-party assessment

Remediation Roadmap: Prioritized action plan

Examples

# Full Level 2 assessment for DoD contractor /cmmc:assess 2 full # Gap analysis for Level 1 compliance /cmmc:assess 1 gap-analysis # Specific domain assessment /cmmc:assess 2 "Access Control"

CMMC Assessment

Evaluates organizational readiness for Cybersecurity Maturity Model Certification (CMMC) v2.0.

Arguments

$1 - Target CMMC level (required: 1, 2, or 3)
$2 - Assessment scope (optional: full, gap-analysis, specific-domain)

CMMC Levels

Level	Name	Description	Requirements
1	Foundational	Basic cyber hygiene	Annual self-assessment, 17 practices
2	Advanced	Intermediate cyber hygiene	Triennial 3rd party assessment (C3PAO), 110 practices
3	Expert	Advanced/progressive cybersecurity	Triennial Govt-led assessment, 110+ practices

Assessment Output

Readiness Score: Overall compliance percentage by level
Domain Gaps: Which of the 14 domains need attention
- Access Control (AC)
- Asset Management (AM)
- Audit and Accountability (AU)
- Awareness and Training (AT)
- Configuration Management (CM)
- Identification and Authentication (IA)
- Incident Response (IR)
- Maintenance (MA)
- Media Protection (MP)
- Personnel Security (PS)
- Physical Protection (PE)
- Recovery (RE)
- Risk Management (RM)
- Security Assessment (CA)
- Situational Awareness (SA)
- System and Communications Protection (SC)
- System and Information Integrity (SI)
Practice Implementation Status: Per-practice compliance
C3PAO Preparation: Readiness for third-party assessment
Remediation Roadmap: Prioritized action plan

Examples

# Full Level 2 assessment for DoD contractor
/cmmc:assess 2 full

# Gap analysis for Level 1 compliance
/cmmc:assess 1 gap-analysis

# Specific domain assessment
/cmmc:assess 2 "Access Control"