u/razec00123

Hey everyone,

I work as a software engineer and through my graduate studies in cybersecurity policy and my day to day work I kept seeing the same pain points for small DoD contractors. Understanding what each control actually requires, calculating SPRS correctly and generating documentation that holds up under scrutiny.

So I built a tool to solve this. Learned a ton along the way about where contractors actually get stuck in the self assessment process.

Happy to share what I found or answer any questions about NIST 800-171 and SPRS scoring. Also genuinely looking for feedback from anyone who has been through a real CMMC assessment recently