Free CPCSC Audit Readiness Assessment

Answer 13 short questions to find out whether your company is likely to pass a CPCSC audit. Get an instant verdict, your highest-impact risks, and a clear next step. Takes about two minutes. No account required.

What the assessment covers

  • Identification & Authentication — multi-factor authentication on systems handling sensitive data.
  • Access Control — least privilege, role separation, and account review cadence.
  • Audit & Accountability — log collection, retention, and review.
  • Configuration Management — baseline configs and change tracking.
  • Incident Response — documented IR plan and tested escalation.
  • System & Communications Protection — boundary protection and encryption of sensitive data.
  • Risk & Security Assessment — security documentation or system security plan completeness and POA&M maturity.
  • Awareness & Training — annual security training for sensitive data handlers.

How scoring works

Each answer is mapped to one or more CPCSC practices. The engine produces a weighted readiness score and one of three verdicts:

  • Likely to Pass — controls appear in place; validate with evidence.
  • At Risk — meaningful gaps that could create findings or delays.
  • Likely to Fail — multiple disqualifying gaps; remediation needed before assessment.

What you get for free

  • Instant verdict and readiness score.
  • Preview of your top identified risks by control family.
  • A clear next step based on your score.

Optional Audit Fix Plan — $99

If you want every identified gap, prioritized remediation steps, the evidence a CPCSC assessor will ask for, and the recommended fix sequence, the full Audit Fix Plan is available as a one-time $99 report. Less than one hour of consultant cost. No subscription. No upsell.

Who should take this assessment

Canadian defense contractors and subcontractors handling sensitive defence information (Protected B) who are preparing for, or considering, a CPCSC certification assessment. Useful for IT leads, compliance owners, vCISOs, and small business owners scoping the work.

Frequently asked questions

Is this an official CPCSC assessment?

No. Only an authorized CPCSC assessor can perform an official CPCSC certification assessment. This is a readiness signal to help you prepare and prioritize.

Do I need to create an account?

No. The free assessment requires no login and no payment.

How accurate is the verdict?

The verdict reflects your self-reported posture across the most commonly failed CPCSC control families. It is designed to surface obvious gaps before you engage a CPCSC assessor.

Start the free assessment →

© CMMC Risk Engine. Educational tool. Not an official CMMC assessment.