Framework program
Cybersecurity Maturity Model Certification evidence template.
This is a reusable framework module. It defines source authority, native identifier patterns, collector fit, expected evidence, manual evidence gates, and deployment posture before any client project is created.
next seedCMMC 2.0 / 32 CFR Part 170 and DFARS rolloutCMMC
Template status
planned
U.S. Department of Defense
Seed rows
5
Source-native requirement rows
Native examples
3
Stored without normalization loss
Collectors
4
configuration, document, manual-upload, api
Deployment fits
3
SaaS, private, appliance, runner
Native source contract
Keep the framework’s identifiers intact
AC.L2-3.1.1
Evidence maps to this native reference first, then to any shared ControlFrame control spine or cross-framework reuse.
IA.L2-3.5.3
Evidence maps to this native reference first, then to any shared ControlFrame control spine or cross-framework reuse.
SI.L2-3.14.2
Evidence maps to this native reference first, then to any shared ControlFrame control spine or cross-framework reuse.
Automated evidence
Collector lanes to build
Microsoft GCC High / Entra / Intune evidence
asset and CUI boundary evidence
configuration and vulnerability snapshots
SPRS score support
Manual or human-gated evidence
Do not fabricate these artifacts
SSP
POA&M where allowed
CUI data flow diagrams
assessment objective notes
C3PAO assessment support