CMMC Readiness Report
Loading… ← Dashboard + New Scan
🌏
CMMC Readiness & Evidence Report

Upload a security log file to receive a structured CMMC Level 2 readiness assessment with dual scoring, NIST 800-171 control mapping, and audit-ready evidence documentation.

  • 1 Upload one or more log files (firewall, auth, DNS, IDS) using the panel on the left
  • 2 Click Analyse for CMMC
  • 3 Review Risk Score, Readiness Score, cross-source correlations, and NIST coverage
  • 4 Print or save as PDF for assessor evidence
Analysing log files for CMMC readiness…
CMMC Readiness & Evidence Report
Scope of this report: This report evaluates log-derived security evidence relevant to CMMC readiness. It does not determine full control implementation — it highlights where current logging supports auditability and where additional evidence, monitoring, or process maturity is needed.
Operational Threat — From Submitted Log Data
Observed Activity Level
0
Critical
0
High
0
Medium
0
Low
Compliance Readiness — Evidence Quality
Readiness Level
0
Events Reviewed
Evidence Gaps
Monitoring Coverage
Detection Capability
Response Capability
Compliance Readiness
Observed Threat Activity
/ 100
CMMC Readiness Score
/ 100
Log-Derived Evidence Coverage (Estimate)
Percentages reflect observable evidence from submitted log data only — not full control implementation. Controls requiring policies, procedures, vulnerability scans, asset inventories, or IR documentation cannot be assessed from logs alone.
ⓘ How Scores Are Calculated
Observed Threat Activity Score
Based on severity and volume of detected threats in submitted logs:
Critical findings ×30 + High ×20 + Medium ×7 + Low ×2
Risk modifiers: Repeated failed login pattern (+8)  |  Privilege-related activity (+10)  |  Confirmed multi-source correlation (+10)  |  Behavioral correlation / multi-source submitted (+5)  |  Anomaly intensity — high-volume pattern (DNS tunneling, TXT flood, P1 IDS spike) (+10)
A score of 0 means no threat activity was detected in submitted logs. It does not mean the organization has zero risk.
CMMC Readiness Score
Based on quality and breadth of log-observable evidence:
Audit log evidence (+25)  |  Access / failed login monitoring (+15)  |  Incident indicators or alert evidence (+20)  |  System monitoring evidence (+20)  |  Remediation or response evidence (+5)  |  Executive reporting evidence (+10)
Reflects log-derived evidence only. Full CMMC readiness also requires policies, procedures, asset inventories, vulnerability management, IR documentation, and formal assessor review.

1 — Executive Summary

2 — Environment Overview

3 — Key Findings

4 — Threat & Activity Analysis

5 — Correlated Activity Analysis

6 — Visibility Limitations

7 — NIST SP 800-171 Control Support Mapping

Control How Log Evidence Supports This Control

8 — CMMC Policy Evidence Support

For each NIST SP 800-171 control family, this section identifies what was observed in the submitted log data, what gaps remain, and whether this log source supports the control. This evidence can be cited in your System Security Plan (SSP) or presented to a C3PAO assessor.

9 — Remediation Recommendations

10 — Compliance Readiness Assessment

Strengths Observed
    Gaps Identified

      11 — Continuous Monitoring & Evidence Value

      12 — Disclaimer