CMMC Readiness

Compliance for small defense subcontractors.

Three hundred thousand defense contractors need CMMC compliance. Most of them are running on spreadsheets. We're building the tool that closes that gap, and we're collecting an early-access list now.

The problem

You don't need consulting. You need a structured way through.

Machine shops, parts manufacturers, IT integrators, and small defense subs are being told they need CMMC certification — Level 1 for Federal Contract Information, Level 2 for Controlled Unclassified Information. Most existing tools are built for big consultants charging $50,000–$150,000 to walk you through it.

For a five-to-twenty-person sub trying to keep a contract, those options don't fit. Spreadsheets do. The result is hundreds of thousands of subs filing imperfect self-assessments — or skipping it and risking the contract.

What we're building

CMMC readiness, structured the way assessors think.

Every screen of the tool maps directly to a CMMC requirement. Every output is the document an assessor or contracting officer expects to see — not a generic dashboard.

Practice walkthrough

Step-by-step wizard for all 17 Level 1 controls or all 110 Level 2 practices. Each control mapped to the evidence you actually need to produce.

POA&M generator

When an applicable practice isn't fully met, the tool drafts the Plan of Action & Milestones entry — gap, target date, responsible party — in the format assessors expect.

Assessment-ready package

System Security Plan, evidence index, and signed self-assessment report — packaged for SPRS submission (Level 1) or third-party assessment (Level 2).

Built-in CUI marking

Upload a document, select the CUI categories, and download a properly marked version per CUI marking standards (32 CFR Part 2002 / DoDI 5200.48). No more manual headers and footers in Word.

Levels

Level 1 or Level 2 — pick the one your contract requires.

Level 1

17 basic safeguarding practices

For contractors handling Federal Contract Information (FCI). Self-assessment, no third-party audit, submitted annually to SPRS via PIEE. Free to file once the work is done.

  • Access Control (4 practices)
  • Identification & Authentication (2 practices)
  • Media Protection (1 practice)
  • Physical Protection (4 practices)
  • System & Communications Protection (2 practices)
  • System & Information Integrity (4 practices)

Level 2

110 NIST SP 800-171 practices

For contractors handling Controlled Unclassified Information (CUI). Third-party assessment by a C3PAO required for most contracts. Significantly broader scope than Level 1.

  • Full NIST SP 800-171 control set
  • System Security Plan and POA&M required
  • Three-year certification cycle
  • Incident reporting and audit log requirements
  • On-premise deployment available for environments handling CUI — no data leaves your network

Why us

Built by an operator with the cert and the contract.

Operator-built

The same founder behind Gold Bird Group also runs D74 Technologies — a defense subcontractor that has filed its own CMMC Level 1 self-assessment with SPRS. This tool is being built from inside that workflow, not from a consultant's outline.

CompTIA Security+ CE

DoD 8570 / 8140 IAT Level II certified. The cert that matters for unclassified DoD IT work and for credibility with assessors.

Federal vendor

Gold Bird Group is SAM.gov registered with eight NAICS codes — including 541512 and 541519 (Computer Systems Design Services). We know how DoD buyers think.

Pricing intent

Priced for the small subs that actually need this.

$500–$2,000 per year for ongoing self-service compliance, or $3,000–$5,000 one-time for guided readiness with assessment support. Final pricing locked at launch — early-access members get grandfathered rates.

We'll never charge what the big consulting firms charge. That's the point.

Early Access

Be on the list when this ships.

We'll email when there's a working preview, then again at launch. You'll get grandfathered pricing and a direct line to the operator who built it.

Just want to be notified when it ships? Drop your email — no other questions.

Have a contract deadline you're trying to meet? Email info@goldbirdgroup.io with the requirement and we'll respond same business day.