Audit Ready Check
15 plain-English questions covering the basic safeguards auditors, customers, and federal prime contractors ask about — including all of CMMC Level 1. See exactly where your business stands.
Does every employee have their own login (no shared accounts), and is access removed promptly when someone leaves?
Are employees limited to only the systems and data they actually need for their job?
Do you use multi-factor authentication (MFA) on email and critical business systems?
Do you keep track of the users and devices that are allowed to connect to your systems?
Do you control and review connections to external systems (vendor tools, cloud services, remote access)?
Is content reviewed before it’s posted publicly (website, social media) so sensitive or contract information is never published?
Is physical access to your office and equipment limited, and do you know who holds keys or badges?
Are visitors escorted and logged when entering areas with computers or business data?
Do you have a firewall protecting the boundary between your internal network and the internet?
Are public-facing systems (like your website) separated from your internal business network?
Is anti-malware installed on all computers, updating automatically, and running regular scans?
Are security updates and patches applied to computers and software promptly (within about 30 days)?
Are old computers, drives, and USB devices securely wiped or destroyed before disposal or reuse?
Do you back up important business data and periodically test that you can restore it?
Do you have written security policies (acceptable use, access control, incident response) that your team has read?
Answer all 15 questions to see your score.