Assessments Library

These baseline Assessment json files can be downloaded and imported into your PlexTrac instance. Feel free to modify these as desired!

Have an Assessment You'd Like To Share?

We offer these baseline Assessments as a value-add to our partners, but there are dozens of frameworks in use throughout the industry. Using these is easy - building takes time. If you have built an Assessment not offered here and are willing to share, please drop us a line at!

Cybersecurity Maturity Model Certification (CMMC) v1.02

This is the framework that will replace NIST 800-171 self-attestation as a requirement to bid and be awarded many DoD contracts beginning in 2021. This version includes multi-variate scoring for both Practice and Process maturity using the answer sets defined in the standard.

NIST Cyber Security Framework (CSF) v1.1

The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.

NIST 800-171 Revision 2

NIST 800-171 governs Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations. It is a set of standards that define how to safeguard and distribute material deemed sensitive but not classified. It is the standard for non-Federal access to CUI and the basis for attestation until CMMC is fully implemented.

Sample Scoping Questionnaire

This is a basic scoping questionnaire ideal for use prior to a penetration test or generalized security assessment. It includes calls for documentation which can be attached directly to the Assessment.

SIG Lite Vendor Risk Management Questionnaire

This is a 75 questionnaire for vendor risk management developed by Shared Assessments and used by over 15,000 organizations worldwide. The SIG Lite Assessment is part of the Standardized Information Gathering Questionnaire, which is a licensed product. To obtain the JSON to allow completion of the SIG in PlexTrac, please contact and provide proof of current licensing.

Have something to add to the collection? Drop us a line at!