Certification Assistant

Manage risk and streamline the DoD certification process

Cybersecurity Tools for the DIB

Certification Assistant is a NIST 800-171 tool that delivers a self-guided, step-by-step platform for streamlining the implementation of controls and policies necessary to complete an accurate NIST 800-171 self-assessment, or to prepare for CMMC 2.0 certification success. With Certification Assistant, DOD contractors, and sub-contractors easily generate and manage SSP, POAM and DOD Methodology Assessment Score (SPRS report) for DOD compliance.

Face the challenge with confidence.

CMMC 2.0 (Cybersecurity Maturity Model Certification) and required NIST 800-171 self-assessments present a more complex challenge to U.S. Department of Defense contractors and suppliers handling sensitive information that has safeguarding requirements by law, otherwise known as Controlled Unclassified Information (CUI).

Certification Assistant enables suppliers to understand each control, and the tools, processes, and policies needed to satisfy them in order to achieve full compliance with NIST 800-171 Rev 2 requirements. Moreover, because CMMC 2.0 Level 2 is built on NIST 800-171, Certification Assistant provides a bridge to prepare for CMMC 2.0 Levels 2 and 3 certification.


Reduce the resource and operational burdens that accompany complex, dynamic regulatory requirements for cybersecurity. Certification Assistant helps by:

  • Enabling cybersecurity evaluations through an intuitive, easy-to-use, and secure web interface
  • Offering guidance and resources to assist throughout the evaluation process
  • Providing a free 15-day subscription that addresses NIST 800-171, CMMC 2.0 Level 1, and upgrades to CMMC Standard for CMMC 2.0 Levels 2 and 3

Use Case

A mid-sized supplier has self-attested to NIST 800-171 compliance and is now attempting to comply with requirements to achieve CMMC 2.0 Level 2.

Challenge: Achieving NIST 800-171 compliance is a significant achievement in itself, and one made easier with Certification Assistant. As CMMC 2.0 becomes the new norm, DoD suppliers must deal with existing contracts requiring NIST 800-171, and new contracts requiring CMMC 2.0 certification. Suppliers will need assurance that existing efforts to maintain 800-171 documentation and compliance are not duplicated with the new CMMC 2.0 certification requirements.

Solution: With Certification Assistant, existing and ongoing efforts for NIST 800-171 controls are mapped to their corresponding CMMC controls. For example, Certification Assistant’s Access Control 3.1.1 is mapped to CMMC Level 1, Access Control 1.001. The supplier answers this control in Certification Assistant, and meets the criteria for both NIST 800-171 and CMMC. There’s no duplication of effort.


  • Secure access control and information protection
  • Clarification and guidance on all controls and practices
  • Storage for documents, evidence, and evaluation criteria
  • Assigning and Tracking multiple action items
  • Status of compliance and identification of security gaps
  • Generation of DoD Assessment Methodology-based Basic Assessment Report, SSP and POAM for NIST 800-171 and CMMC
  • Importing assessment data of Exostar Partner Information Manager

Certification Assistant offers the flexibility of tiered options to accommodate NIST 800-171 and different CMMC 2.0 compliance levels. Each tier includes a dashboard and reporting for risk and compliance attributes and accommodates evidence and artifact uploading.

So get started now on the road to full NIST 800-171 and CMMC 2.0 compliance.