CMMC Compliance Engine · Wrightbrained Security

Complete File Reference

Every document included in each tier — organized by folder. All files are NIST 800-171 Rev 2 mapped and ready to customize.

Starter Files

137

Professional Files

205

Complete Files

Tier 1

Starter

$2,500

Complete policy library, SSP, operational tracking tools, agreements, and assessment workbooks for CMMC Level 2 readiness.

Total Files

Getting Started

📎

Client Implementation Roadmap

PKG-GUIDE-01

📎

Package File Reference

REF-01

System Security Plan

📎

System Security Plan

SSP-01

Policies (14 Domains)

📎

Access Control Policy

POL-AC-01

📎

Awareness and Training Policy

POL-AT-01

📎

Audit and Accountability Policy

POL-AU-01

📎

Security Assessment Policy

POL-CA-01

📎

Configuration Management Policy

POL-CM-01

📎

Identification and Authentication Policy

POL-IA-01

📎

Incident Response Policy

POL-IR-01

📎

System Maintenance Policy

POL-MA-01

📎

Media Protection Policy

POL-MP-01

📎

Physical Protection Policy

POL-PE-01

📎

Personnel Security Policy

POL-PS-01

📎

Risk Assessment Policy

POL-RA-01

📎

System Communications Protection Policy

POL-SC-01

📎

System and Information Integrity Policy

POL-SI-01

Customization Guides

📎

Master Policy Customization Guide

GUIDE-POL-MASTER-01

Agreements & Forms

📎

Acceptable Use Agreement

AGR-AUP-01

📎

Contractor Access Agreement

AGR-CTA-01

📎

CUI Handling Agreement

AGR-CUI-01

📎

Non Disclosure Agreement

AGR-NDA-01

📎

Privileged Access Agreement

AGR-PAM-01

📎

Policy Acknowledgment Form

AGR-POL-01

📎

Remote Work Security Agreement

AGR-RWK-01

Tracking & Operational Tools

📎

Separation of Duties Matrix

AC-SOD-01

📎

User Account Inventory

IA-INV-01

📎

Hardware Asset Inventory

INV-HW-01

📎

Software Asset Inventory

INV-SW-01

📎

Plan of Action and Milestones

POAM-TRK-01

📎

Personnel Security Roster

PS-INV-01

Assessment Tools

📎

Risk Assessment Workbook

RA-WRK-01

Training & Awareness

📎

Security Awareness Training

AT-TRN-01

Tier 2

Professional

$4,500

Everything in Starter plus full procedure library, incident response plan and playbooks, M365/Sentinel guides, and all assessment tools.

137

Total Files

✓ Includes all 33 Starter files, plus 106 additional files:

System Security Plan

📎

CUI Data Flow Diagram

📎

Network Architecture Diagram

Procedures

📎

Training Records Management Procedure

AT-REC-01

📎

Audit Configuration Procedure

AU-CFG-01

📎

Log Correlation Analysis Procedure

AU-COR-01

📎

Baseline Configuration Document

CM-BAS-01

📎

Access Control User Management Procedure

PRO-AC-01

📎

Privileged Access Management Procedure

PRO-AC-02

📎

Remote Access Procedure

PRO-AC-03

📎

Wireless Access Control Procedure

PRO-AC-04

📎

External Connections Boundary Procedure

PRO-AC-05

📎

Least Privilege Separation of Duties Procedure

PRO-AC-06

📎

Security Awareness Training Procedure

PRO-AT-01

📎

Audit Log Management Procedure

PRO-AU-01

📎

Security Assessment and Plan of Action Procedure

PRO-CA-01

📎

POAM Management Procedure

PRO-CA-02

📎

Continuous Monitoring Procedure

PRO-CA-03

📎

Baseline Configuration Management Procedure

PRO-CM-01

📎

Software Allowlisting and System Inventory Procedure

PRO-CM-02

📎

Configuration Change Management Procedure

PRO-CM-03

📎

Mobile Device MDM Procedure

PRO-CM-04

📎

CUI Handling All Staff Procedure

PRO-CUI-01

📎

Account Lifecycle Management

PRO-IA-01

📎

Authentication Management

PRO-IA-02

📎

Privileged Service Account Authentication

PRO-IA-03

📎

Device System Authentication

PRO-IA-04

📎

Authenticator Protection Compromise Response

PRO-IA-05

📎

Incident Handling Procedure

PRO-IR-01

📎

Incident Response Testing Procedure

PRO-IR-02

📎

Maintenance Authorization Scheduling Procedure

PRO-MA-01

📎

Remote Maintenance Procedure

PRO-MA-02

📎

Maintenance Tool Media Control Procedure

PRO-MA-03

📎

Maintenance Personnel Authorization Procedure

PRO-MA-04

📎

Media Handling Storage Procedure

PRO-MP-01

📎

Media Transport Procedure

PRO-MP-02

📎

Media Sanitization Destruction Procedure

PRO-MP-03

📎

Media Access Accountability Procedure

PRO-MP-04

📎

Physical Access Control Procedure

PRO-PE-01

📎

Visitor Control Escort Procedure

PRO-PE-02

📎

Physical Access Monitoring Procedure

PRO-PE-03

📎

Physical Media Storage Facility Protection Procedure

PRO-PE-04

📎

Physical Access Authorization Review Procedure

PRO-PE-05

📎

Personnel Screening Onboarding Procedure

PRO-PS-01

📎

Personnel Transfer Role Change Procedure

PRO-PS-02

📎

Personnel Termination Offboarding Procedure

PRO-PS-03

📎

Risk Assessment Procedure

PRO-RA-01

📎

Vulnerability Scanning Procedure

PRO-RA-02

📎

Risk Response Treatment Procedure

PRO-RA-03

📎

Boundary Protection Network Segmentation Procedure

PRO-SC-01

📎

Cryptographic Protection Key Management Procedure

PRO-SC-02

📎

Remote Access Session Security Procedure

PRO-SC-03

📎

Supply Chain Risk Management Procedure

PRO-SC-04

📎

Flaw Remediation and Patch Management Procedure

PRO-SI-01

📎

Malicious Code Protection Procedure

PRO-SI-02

📎

Security Monitoring and Intrusion Detection Procedure

PRO-SI-03

Customization Guides

📎

Access Control Customization Guide

GUIDE-AC-01

📎

Awareness and Training Customization Guide

GUIDE-AT-01

📎

Audit and Accountability Customization Guide

GUIDE-AU-01

📎

Security Assessment and Authorization Customization Guide

GUIDE-CA-01

📎

Configuration Management Customization Guide

GUIDE-CM-01

📎

Identification and Authentication Customization Guide

GUIDE-IA-01

📎

Incident Response Customization Guide

GUIDE-IR-01

📎

Maintenance Customization Guide

GUIDE-MA-01

📎

Media Protection Customization Guide

GUIDE-MP-01

📎

Physical and Environmental Protection Customization Guide

GUIDE-PE-01

📎

Personnel Security Customization Guide

GUIDE-PS-01

📎

Risk Assessment Customization Guide

GUIDE-RA-01

📎

System and Communications Protection Customization Guide

GUIDE-SC-01

📎

System and Information Integrity Customization Guide

GUIDE-SI-01

Incident Response

📎

IR-LOG-01

📎

Ransomware Playbook

IR-PLB-01

📎

Data Breach Playbook

IR-PLB-02

📎

Phishing Attack Playbook

IR-PLB-03

📎

Malware Playbook

IR-PLB-04

📎

Insider Threat Playbook

IR-PLB-05

📎

DDoS Attack Playbook

IR-PLB-06

📎

Zero Day Attack Playbook

IR-PLB-07

📎

Incident Response Plan

IR-PLN-01

Agreements & Forms

📎

Access Request Approval Form

ACC-REQ-01

📎

Bring Your Own Device Agreement

AGR-BYOD-01

📎

Data Security Agreement

AGR-DSA-01

📎

Sensitive Information Protection Agreement

AGR-SIP-01

📎

AT-REC-01

📎

Configuration Change Request Form

CM-CHG-01

📎

Log Review Checklist

LOG-CHK-01

📎

PE-LOG-01

Tracking & Operational Tools

📎

CUI Registry

CUI-REG-01

📎

CUI Data Inventory and Scoping Worksheet

CUI-SCOPE-01

📎

Evidence and Implementation Tracker

EVID-TRK-01

📎

Cloud Services Inventory

INV-CLD-01

📎

Compliance Maintenance Calendar

MAINT-CAL-01

📎

Monitoring Maintenance Schedule

MON-MAINT-01

📎

Physical Access Inventory

PE-INV-01

Assessment Tools

📎

CMMC-Evidence-Map

📎

Self Assessment Workbook

NIST_800-171

📎

Risk Assessment Report

RA-RPT-01

Microsoft 365 & Sentinel Guides

📎

MFA and Conditional Access

M365-01

📎

Purview CUI Labeling DLP

M365-02

📎

Defender for Endpoint

M365-03

📎

Sentinel SIEM

M365-04

📎

Audit Logging

M365-05

📎

Intune Endpoint Management

M365-06

📎

Exchange Email Security

M365-07

📎

SharePoint OneDrive Security

M365-08

📎

End User Security Quick Start

M365-09

Training & Awareness

📎

Security Awareness Training

AT-TRN-01

Tier 3

Complete

$7,000

Everything in Professional plus 14 APREP assessment preparation packages, 50 automation scripts, and vendor/supply chain tools.

205

Total Files

✓ Includes all 137 Professional files, plus 69 additional files:

Assessment Preparation (APREP)

📎

Access Control

APREP-AC-01

📎

Awareness and Training

APREP-AT-01

📎

Audit and Accountability

APREP-AU-01

📎

Security Assessment and Authorization

APREP-CA-01

📎

Configuration Management

APREP-CM-01

📎

Identification and Authentication

APREP-IA-01

📎

Incident Response

APREP-IR-01

📎

Maintenance

APREP-MA-01

📎

Assessment Preparation Master Guide

APREP-MASTER-01

📎

Media Protection

APREP-MP-01

📎

Physical and Environmental Protection

APREP-PE-01

📎

Personnel Security

APREP-PS-01

📎

Risk Assessment

APREP-RA-01

📎

System and Communications Protection

APREP-SC-01

📎

System and Information Integrity

APREP-SI-01

Automation Scripts

📎

Automation Scripts Deployment Guide

AUTO-GUIDE-01

📎

GCCH 01 MFA Enrollment Report

📎

GCCH 02 Stale Account Auditor

📎

GCCH 03 Privileged Role Inventory

📎

GCCH 04 Conditional Access Exporter

📎

GCCH 05 Unified Audit Log Extractor

📎

GCCH 06 Audit Log Retention Verifier

📎

GCCH 07 Admin Activity Report

📎

GCCH 08 Device Compliance Snapshot

📎

GCCH 09 Software Inventory Exporter

📎

GCCH 10 Secure Score POAM Builder

📎

GCCH 11 Vulnerability Report

📎

GCCH 12 Patch Compliance Report

📎

GCCH 13 External Sharing Auditor

📎

GCCH 14 Sensitivity Label Coverage Report

📎

GCCH 15 DLP Policy Status Exporter

📎

GCCH 16 Risky SignIns Report

📎

GCCH 17 Guest External User Auditor

📎

GCCH 18 Monthly Evidence Bundle

📎

GCCH 19 Service Principal Auditor

📎

GCCH 20 Legacy Auth Protocol Reporter

📎

GCCH 21 Break Glass Account Verifier

📎

GCCH 22 Named Location Auditor

📎

GCCH 23 Mailbox Audit Enhancement Report

📎

GCCH 24 Email Forwarding Exfil Detector

📎

GCCH 25 Teams Governance Auditor

📎

GCCH 26 Secure Score Delta Tracker

📎

GCCH 27 EOP Safe Policy Exporter

📎

GCCH 28 Power Platform DLP Reporter

📎

GCCH 29 Defender Alert Incident Reporter

📎

GCCH 30 SignIn Anomaly Pattern Analyzer

📎

GCCH 31 Defender Identity Alert Reporter

📎

GCCH 32 OneDrive External Sharing Reporter

📎

GCCH 33 Purview Sensitivity Label Reporter

📎

GCCH 34 Communication Compliance Exporter

📎

GCCH 35 Intune Configuration Baseline Checker

📎

GCCH 36 Remote Access VPN Auditor

📎

GCCH 37 CMMC Readiness Dashboard Generator

📎

GCCH 38 Access Recertification Workbook Builder

📎

GCCH 39 Endpoint Protection Health Poller

📎

GCCH 40 CVE Advisory Watcher

📎

GCCH 41 Network Boundary Controls Reviewer

📎

GCCH 42 SSL TLS Certificate Expiry Checker

📎

GCCH 43 CMMC POAM Progress Tracker

📎

GCCH 44 Privileged Account Password Rotation Reporter

📎

GCCH 45 OAuth Consent Grant Auditor

📎

GCCH 46 Exchange Litigation Hold Reporter

📎

GCCH 47 SharePoint Site Permissions Auditor

📎

GCCH 48 Exchange Transport Rule Risk Auditor

📎

GCCH 49 DNS Security Bulk Checker

📎

GCCH 50 Privileged Account Activity Timeline

Vendor & Supply Chain

📎

Shared Responsibility Matrix

SRM-01

📎

Vendor Risk Questionnaire

VRQ-01

Training & Awareness

📎

Security Awareness Training

AT-TRN-01

Ready to Get Assessment-Ready?

Every tier ships as a complete, organized kit — download, customize, and implement.

Request a Quote →

Included Files – CMMC Compliance Engine Documentation

Complete File Reference

Getting Started

System Security Plan

Policies (14 Domains)

Customization Guides

Agreements & Forms

Tracking & Operational Tools

Assessment Tools

Training & Awareness

System Security Plan

Procedures

Customization Guides

Incident Response

Agreements & Forms

Tracking & Operational Tools

Assessment Tools

Microsoft 365 & Sentinel Guides

Training & Awareness

Assessment Preparation (APREP)

Automation Scripts

Vendor & Supply Chain

Training & Awareness

Ready to Get Assessment-Ready?