A GRC tool designed specifically for NIST 800-171 and CMMC compliance. Runs entirely on-premises in Docker, so your sensitive data never leaves your network.
From purchase to assessment-ready in five straightforward steps
Buy the tool online and receive your license key and Docker image via email immediately.
Load the Docker container in your own environment. Your data never leaves your network.
Work through NIST 800-171 controls with pre-filled responses and contextual guidance.
Attach required evidence and documentation for each control using our checklist.
Track progress, generate reports, and get ready for your C3PAO or self-assessment.
Everything you need to prepare for your CMMC assessment
All 110 controls and assessment objectives from NIST 800-171a for Level 2 systems. All 17 controls for Level 1 systems.
Editable templates to accelerate your documentation. Don't start from scratch—customize our suggested responses for your environment.
Checklist of required evidence with upload capability for each control. Know exactly what documentation assessors expect.
Guidance and help statements for each control explaining what assessors are looking for, in plain language.
Track completion status across all control families. See your tentative and reviewed scores at a glance.
Guided preparation for both Level 1 self-assessment and Level 2 C3PAO assessment. Review and approval workflows included.
Built-in tools to assist with Access Control policy creation, user tracking, and other compliance requirements.
Transparent pricing. No hidden fees, no surprise costs.
Annual subscription
Best for companies handling FCI only
Annual subscription
Best for companies handling CUI
Our deployment model is a key differentiator that saves you money and complexity
Cloud-hosted GRC tools handling CUI require FedRAMP Moderate authorization. By running on-premises, we avoid this mandate entirely—saving $500k-$1M in compliance costs that would otherwise be passed to you.
Sensitive compliance documentation and CUI never leaves your controlled environment. Full data sovereignty with no third-party access.
Tool works offline after initial license validation. Periodic re-validation with grace period supports air-gapped environments common in the defense sector.
Single container deployment. If you can run Docker (and we'll show you how), you can run B2CMMC. No complex infrastructure required.
Minimal infrastructure needed to run B2CMMC
Optional expert guidance from a CMMC Registered Practitioner
Purchase hours as needed
Select quantity during checkout
The Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity framework required for companies in the Defense Industrial Base (DIB) that want to do business with the Department of Defense. CMMC Level 1 is for companies handling Federal Contract Information (FCI), while Level 2 is for those handling Controlled Unclassified Information (CUI).
Cloud-hosted GRC tools that handle CUI are required to have FedRAMP Moderate authorization—a process that costs $500,000 to $1 million and $150,000+ annually to maintain. These costs get passed to customers. By running on-premises, we avoid FedRAMP entirely, allowing us to offer our tool for $150-$300 instead of $2,000+. Plus, your sensitive data never leaves your network.
After purchase, you receive a license key and a Docker image file (.tar) via email. You load the Docker container in your environment and enter your license key on first run. The container validates your license online initially, then periodically re-validates with a grace period for offline operation.
The software includes documentation and contextual help within the tool. For additional support, you can purchase RP consulting hours or contact us via email. We're also happy to answer questions before purchase.
With on-premises deployment, you are responsible for securing the environment where the tool runs. This includes keeping Docker updated, securing network access to the tool, and maintaining backups of your data. For most organizations already handling CUI, this is consistent with your existing security responsibilities.
We don't currently offer a free trial, but at $150/year for Level 1, the barrier to entry is intentionally low. If you have questions about whether the tool is right for you, please contact us and we'll help you decide.
If your contracts only involve Federal Contract Information (FCI), you need Level 1. If you handle Controlled Unclassified Information (CUI)—which includes most technical data, export-controlled information, and sensitive government data—you need Level 2. When in doubt, check your contracts or contact us for guidance.
We're happy to answer any questions about our tools or help you determine which level you need.
Contact Us