Assessments Library
These baseline Assessment json files can be downloaded and imported into your PlexTrac instance. Feel free to modify these as desired!

Have an Assessment You'd Like To Share?

We offer these baseline Assessments as a value-add to our partners, but there are dozens of frameworks in use throughout the industry. Using these is easy - building takes time. If you have built an Assessment not offered here and are willing to share, please drop us a line at [email protected]!

Cybersecurity Maturity Model Certification (CMMC) v1.02

This is the framework that will replace NIST 800-171 self-attestation as a requirement to bid and be awarded many DoD contracts beginning in 2021.
CMMC Level-3 v1.0.json
Level 1-3 Controls Only
CMMC Level-5 v1.0.json
Full Level 1-5 Controls

NIST Cyber Security Framework (CSF) v1.1

The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.
NIST CSF Assessment cao 25 Aug 2020.json

NIST 800-171 Revision 2

NIST 800-171 governs Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations. It is a set of standards that define how to safeguard and distribute material deemed sensitive but not classified. It is the standard for non-Federal access to CUI and the basis for attestation until CMMC is fully implemented.
SS NIST 800-171.json
NIST 800-171 r2

Sample Scoping Questionnaire

This is a basic scoping questionnaire ideal for use prior to a penetration test or generalized security assessment. It includes calls for documentation which can be attached directly to the Assessment.
Pre-Engagement Questionnaire 17 Aug 2021.json
Pre-Engagement Scoping Questionnaire

SIG Lite Vendor Risk Management Questionnaire

This is a 75 questionnaire for vendor risk management developed by Shared Assessments and used by over 15,000 organizations worldwide. The SIG Lite Assessment is part of the Standardized Information Gathering Questionnaire, which is a licensed product. To obtain the JSON to allow completion of the SIG in PlexTrac, please contact [email protected] and provide proof of current licensing.
Have something to add to the collection? Drop us a line at [email protected]!
Last modified 2mo ago