Built for MSPs running CMMC Level 2 engagements

Generate a 30-page SSP draft
from your client's actual environment

Configure the tech stack. Track 110 controls. Collect evidence with environment-specific instructions. Click export — get an SSP, POA&M, and evidence binder that reflects what's really implemented.

Get StartedSee How It Works

Template-based compliance creates false confidence

Generic SSPs claim controls are in place when they aren't. C3PAO assessors find the gaps. Your client fails.

Documented ≠ Implemented

SSPs say 'access is controlled via firewall rules' but nobody verified the actual SonicWall configuration.

Shared Responsibility Confusion

Who owns MFA rollout — your team configures it, but the client trains their users. Neither SSP nor evidence captures this.

Environmental Mismatches

Every client has a different stack. A SonicWall evidence checklist doesn't help your Fortinet clients.

From onboarding to SSP in one platform

A complete delivery workflow built around how MSPs actually run CMMC engagements.

Step 1

Profile the Environment

Select the client's tech stack — SonicWall, Fortinet, Windows AD, Azure AD. Procedures and evidence instructions adapt automatically.

Step 2

Track 110 Controls

Every CMMC Level 2 control with status tracking, responsibility assignments, and environment-specific implementation guidance.

Step 3

Collect & Review Evidence

Clients get step-by-step instructions for their specific hardware. You review, approve, or request revisions — no more email threads.

Step 4

Generate SSP & Binder

Export an SSP draft with real implementation statements, a POA&M, and a hashed evidence binder — all reflecting what's actually in place.

The money feature

SSP generation that saves
40-80 hours per client

Most MSPs spend 2-3 weeks writing an SSP from scratch for each client. CMMC Pass generates a complete draft with implementation statements that reference your client's actual tech stack — SonicWall firewall rules, AD group policies, M365 conditional access.

Implementation statements reference real hardware and configuration
Shared responsibility assignments flow into each control section
Evidence binder with SHA-256 hash verification per file
POA&M auto-generated from in-progress and not-started controls
Legal disclaimer included — no false certification claims
SSP_Draft_Patriot_Defense.html
System Security Plan (DRAFT)
Patriot Defense Systems — SonicWall + Windows + M365
AC.L2-3.1.1 — Authorized Access Control
Access is enforced through SonicWall NSa 3700 firewall ACLs and Windows Active Directory group policies. All user accounts require domain authentication with enforced password complexity...
● MetMSP Owned
IA.L2-3.5.3 — Multifactor Authentication
MFA is enforced for all privileged and network access via Azure AD Conditional Access policies with Microsoft Authenticator...
● MetShared
SC.L2-3.13.1 — Boundary Protection
SonicWall NSa 3700 provides network boundary protection...
... 107 more controls

Environment-specific verification,
not generic templates

For your top controls, CMMC Pass provides environment-aware procedures: step-by-step evidence instructions for the client's actual hardware, verification steps for your MSP team, and hints about what C3PAO assessors will test.

Client instructions

'On your SonicWall TZ370, navigate to Manage → Users → Local Users & Groups...'

MSP verification

'Verify that the SonicWall access rule blocks all inbound traffic not explicitly allowed...'

Assessor focus

'C3PAO will examine firewall ACLs and interview IT staff about access change procedures.'

Shared Responsibility Model
AC-3Access Enforcement
MSP

Configure firewall ACLs and AD group policies

Client

Approve access change requests

IA-2User Identification
MSP

Deploy and configure MFA via Azure AD

Client

Enroll personal devices, train staff

AU-6Audit Review
MSP

Configure SIEM alerting and log retention

Client

Review weekly summary reports

Your next client's SSP shouldn't take 2 weeks.

We're onboarding design partners — MSPs running active CMMC engagements who want to validate the platform with real clients. Design partner pricing starts at $295/month.

Request Access

Design partner pricing available. No credit card required.