Certification Assistant

Manage risk and streamline the DoD certification process

Certification Assistant delivers self-guided, step-by-step platform for streamlining the implementation of controls and policies necessary to complete an accurate NIST 800-171 self-assessment, or to prepare for CMMC certification success. 

Face the challenge with confidence.

The coexistence of CMMC (Cybersecurity Maturity Model Certification) and NIST 800-171 represents a fresh and more complex challenge to U.S. Department of Defense contractors and suppliers handling sensitive information that has safeguarding requirements by law, otherwise known as Controlled Unclassified Information (CUI).

Certification Assistant enables suppliers to understand each control, and the tools, processes, and policies needed to satisfy them in order to achieve full compliance. Moreover, because CMMC Level 3 is built on NIST 800-171, Certification Assistant provides a bridge to prepare for CMMC Level 3 certification.


Reduce the resource and operational burdens that accompany complex, dynamic regulatory requirements for cybersecurity. Certification Assistant helps by:

  • Enabling cybersecurity evaluations through an intuitive, easy-to-use, and secure web interface
  • Offering guidance and resources to assist throughout the evaluation process
  • Providing a free 30-day subscription that addresses CMMC Level 1, and upgrades to CMMC Standard for CMMC Levels 1-3 (130 practices and three processes)
  • Assuring information security with Exostar’s Managed Access Gateway (MAG) and One Time Password (OTP) credentialing – these credentials are prerequisites for Certification Assistant access

Your security is our top priority. Our customers access and use all Exostar solutions with confidence assured through our MAG and OTP credentialing. New users needing to purchase access credentials are stepped through the process with online help available here. Please be aware that there are several steps to attaining Exostar credentials. Support is available if needed.

Use Case

A mid-sized supplier has self-attested to NIST 800-171 compliance and is now attempting to comply with requirements to achieve CMMC Level 3.

Challenge: Achieving NIST 800-171 compliance is a significant achievement in itself, and one made easier with Certification Assistant. As CMMC becomes the new norm, DoD suppliers must deal with existing contracts requiring NIST 800-171, and new contracts requiring CMMC certification. Suppliers will need assurance that existing efforts to maintain 800-171 documentation and compliance are not duplicated with the new CMMC certification requirements.

Solution: With Certification Assistant, existing and ongoing efforts for NIST 800-171 controls are mapped to their corresponding CMMC controls. For example, Certification Assistant’s Access Control 3.1.1 is mapped to CMMC Level 1, Access Control 1.001. The supplier answers this control in Certification Assistant, and meets the criteria for both NIST 800-171 and CMMC. There’s no duplication of effort.


  • Secure access control and information protection
  • Clarification and guidance on all controls and practices
  • Storage for documents, evidence, and evaluation criteria
  • Assigning and Tracking multiple action items
  • Status of compliance and identification of security gaps

Certification Assistant offers the flexibility of tiered options to accommodate different CMMC compliance levels. Each tier includes a dashboard and reporting for risk and compliance attributes and accommodates evidence and artifact uploading.

You can upgrade to Certification Assistant Standard or Premium at any time. So get started now on the road to all CMMC certification levels with Certification Assistant Lite.