ComplianceEngine
Sign inStart assessment
Placeholder text. Final legal copy is being prepared by the board / outside counsel and will replace this page before public launch on 2026-05-20. See COM-1 for the legal-text sourcing ask.

Disclaimer

Last updated: pending board-supplied text.

Self-assessment tool

Compliance Engine is a self-assessment tool. It helps you walk the NIST SP 800-171 Rev 2 control set, capture your own responses, compute the SPRS score using the published DoD methodology, and render an SSP and POA&M in the DoD-expected template structure.

Not a CMMC certification

Use of Compliance Engine does not constitute, replace, or substitute for a CMMC assessment performed by an accredited Third-Party Assessment Organization (C3PAO). Levels requiring certification still require a C3PAO assessment under the CMMC Program.

Not legal advice

Nothing in the Service is legal, regulatory, or compliance advice. For your specific situation, consult qualified counsel and compliance professionals.

Accuracy of outputs

The accuracy of generated SSPs, POA&Ms, and SPRS scores depends entirely on the inputs you provide. You are responsible for reviewing all outputs prior to any external submission, including any submission to the U.S. Department of Defense or the Supplier Performance Risk System (SPRS).

No affiliation

Compliance Engine is not affiliated with, endorsed by, or sponsored by the U.S. Department of Defense, NIST, the Cyber AB, or any C3PAO.