The CMMC Accelerator, built on ServiceNow’s Continuous Authorization and GRC Monitoring Policy and Compliance Management Module, streamlines and automates CMMC Level 1 and Level 2 assessments for DoD contractors. It enables compliance managers to assign structured questionnaires, track responses, and monitor compliance in real time.
With a user-friendly interface, compliance managers and stakeholders can:
Monitor assessment results and compliance status
Identify gaps and trigger remediation workflows
Manage POA&Ms and generate an SSP report, capturing control owner responses for all 320 objectives
Automate assessment processes, requiring C3PAO validation for certification
The app comes with preloaded NIST 800-171 content and leverages the NIST Risk Management Framework (RMF) for structured compliance tracking. It also provides POA&M templates to streamline DoD submission.
Available now on the ServiceNow Store, the CMMC Accelerator helps organizations simplify compliance, reduce assessment effort, and ensure a structured path toward CMMC certification.
- Comprehensive Pre-Built Content: Includes the complete CMMC 2.0 Authority Document with all 110 controls and 320 objectives, specific questionnaires tailored to each of the 320 objectives, and suggested evidence required for each objective, offering insights from the perspective of a certified CCA assessor to ensure compliance readiness.
- CMMC Boundary Management: Define and manage CMMC Bounday to include CUI assets to align with CMMC 2.0 requirements.
- Control Implementation: Simplify the deployment and management of CMMC controls.
- Issue Tracking: Automatically create issues for failed controls to track remediation process.
- Audit Preparation and Management: Automate CMMC assessment workflows for Level 1 and Level 2 certifications.
- Plans of Action and Milestones (POA&M): Develop, track, and manage corrective action plans to close compliance gaps.
- Artifact Management: Create SSP (System Security Plan) and other related artifacts for CMMC Level 2 assessment.
Initial Release.
ServiceNow IRM PRO with CAM license is required.
Plugins (required pre-installation):
- GRC: Continuous Authorization & Monitoring
- GRC: Policy module Dependencies
- GRC: GRC Profile Dependencies