Frequently Asked Questions

Everything you need to know about our CMMC compliance packages.

What is CMMC and who needs it?

The Cybersecurity Maturity Model Certification (CMMC) is a DoD framework that requires defense contractors handling Controlled Unclassified Information (CUI) to demonstrate cybersecurity maturity. If you hold or plan to bid on DoD contracts involving CUI, you will need CMMC certification.

What's the difference between the three tiers?

Starter covers CMMC Level 1 (17 practices from FAR 52.204-21) — ideal for contractors with basic safeguarding requirements. Professional covers Level 2 (all 110 NIST 800-171 controls) — required for most CUI-handling contracts. Enterprise adds Level 3 readiness, governance frameworks, and consultant tools for organizations and advisors handling the most sensitive work.

Are these templates accepted by C3PAOs?

Our templates are aligned with NIST SP 800-171 Rev 2 and the CMMC assessment guide. They are designed to meet the documentation expectations of C3PAO assessors. However, templates alone don't guarantee certification — you still need to implement the controls and demonstrate evidence of their effectiveness.

How does the Starter one-time purchase work?

The Starter package is a one-time $457 payment that gives you lifetime access to all Level 1 templates, workbooks, and policies. You can download updated versions as we release them.

Can I upgrade my tier later?

Yes. If you start with Starter and later need Level 2 documentation, you can purchase a Professional or Enterprise subscription. Your new tier gives you access to all packages at and below that level.

What format are the downloads?

All packages are delivered as PDF files. Each download is watermarked with your name, company, and license ID for accountability and audit trail purposes.

Do you offer refunds?

Yes, we offer a 30-day money-back guarantee. If our templates don't meet your needs, contact us within 30 days of purchase for a full refund — no questions asked.

How often are templates updated?

We monitor NIST publications, Federal Register notices, and Cyber AB guidance continuously. When requirements change, we update affected templates and notify active subscribers.

Can I use these for multiple clients? (Consultants)

The Enterprise tier includes consultant tools and supports up to 25 named users and 10 organizations. Each client engagement should use separately downloaded (and watermarked) copies for proper audit trails.

Is my data secure?

Yes. Authentication is handled by Supabase with encrypted sessions. Payments are processed through Stripe — we never store credit card information. Downloads are served over HTTPS from AWS S3.

Still have questions?

Contact Us