CMMC Pricing

Select the CMMC Level That’s Right for your Organization
30 Day Free Trial. No credit card required.
Level 3
Level 1 – 3 Practices
$1,800/year
Billed Annually
Adjust Slider to Desired Level
CMMC Lite
(Limited Features)
Start Free Trial
Platform Features
Auto-Generated Documentation 1
17 CMMC Domain-Specific Policies 2
Multiple Users
CSP-Blind Encryption
Evidence Storage
POA&Ms
Progress Visualization
2FA
Task Assignment
Email/SMS Task Reminders 3
SSP Revision History
1 Includes System Security Plan (SSP)
2 Available with Level 2 – Level 5 Subscriptions
3 Coming Soon
All user-supplied content (text, evidence, etc.) is encrypted in the browser with an AES-256 key generated by the user before transmission to ComplyUp. Bottom Line: We couldn’t decrypt your data if we wanted to.
Frequently Asked Questions
CMMC is about maturity as much as it is practice. It is not a one-and-done assessment. You will need to be able to demonstrate how your organization’s cybersecurity matures over time as well as have the current documentation to prove it. It’s also a requirement in both CMMC and NIST 800-171 to “periodically update System Security Plans”.

ComplyUp’s platform will provide you with version control on your auto-generated documentation. This means you’ll be able to show the first System Security Plan you created as well as the most recent.

Certifications for CMMC will need to be renewed every three years so it’s more important than ever to stay current on the regulation and supporting documentation that goes with it.
This is a tough question to answer right now. The simple answer is that no one is quite sure. Here are some things that we do know:

– We know that if you are receiving CUI then you will need to certify at CMMC Level 3.
– We also know that the current standard in place is NIST 800-171, which covers over 80% of CMMC Level 3.
– We also know everyone doing business with the DoD is going to be required, at a minimum, to achieve a level 1 certification.
This depends entirely on how many systems in your organization receive CUI. Identify the IT systems that need assessed and if there are more than one, you’ll need more than one assessment. If you only have one system that receives or stores CUI then it’s likely you will only need one assessment.
Simply log into your ComplyUp assessment and hit the “upgrade” button at the top right of the screen.