Assessment Readiness

Your C3PAO audit simulation — know exactly where you stand before the assessor arrives.

70%Readiness

Controls Implemented

of 110 total controls

Evidence Coverage

71%

of implemented controls have evidence

Open Gaps

12 not impl. + 21 partial

Assessment Timeline

Today

Mar 5, 2026

241 days remaining

Deadline

Nov 1, 2026

Comfortable window

Domain Breakdown

Sorted lowest readiness first

DomainProgressEvidenceReady%

CASecurity Assessment

2/4 impl.

2 ev.

50%

50%2/4

CMConfiguration Management

5/9 impl.

4 ev.

56%

56%5/9

SCSystem and Communications Protection

10/16 impl.

7 ev.

63%

63%10/16

AUAudit and Accountability

6/9 impl.

5 ev.

67%

67%6/9

IRIncident Response

2/3 impl.

2 ev.

67%

67%2/3

MAMaintenance

4/6 impl.

3 ev.

67%

67%4/6

MPMedia Protection

6/9 impl.

4 ev.

67%

67%6/9

RARisk Assessment

2/3 impl.

1 ev.

67%

67%2/3

SISystem and Information Integrity

5/7 impl.

3 ev.

71%

71%5/7

ACAccess Control

16/22 impl.

8 ev.

73%

73%16/22

IAIdentification and Authentication

9/11 impl.

6 ev.

82%

82%9/11

PEPhysical Protection

5/6 impl.

3 ev.

83%

83%5/6

ATAwareness and Training

3/3 impl.

3 ev.

100%

100%3/3

PSPersonnel Security

2/2 impl.

2 ev.

100%

100%2/2

C3PAO Audit Focus — Highest Risk Controls

What an assessor will examine first. C3PAOs follow NIST SP 800-171 DOD Assessment Methodology v1.2.1. These controls carry the highest score deductions.

1.3.1.2Transaction and Function Control

-5 pts

High Priority

2.3.1.12Control Remote Access

-5 pts

High Priority

3.3.1.18Mobile Device Connection

-5 pts

High Priority

4.3.3.5Audit Record Review

-5 pts

High Priority

5.3.4.6Least Functionality

-5 pts

High Priority