CMMC 2.0 · Level 2 · NIST SP 800-171 Rev 2

ARMS

Assessment Readiness Management System

The professional compliance tool for organizations pursuing CMMC 2.0 Level 2 certification. Track all 110 controls, calculate your SPRS score, manage your POA&M, and generate audit-ready reports — in a single secure file.

Buy License — $39.99 Launch App →
$39.99  ·  Perpetual License  ·  No Subscription  ·  Single File App
110 NIST SP 800-171 Controls SPRS Score Calculator POA&M Tracker Evidence Locker AI Compliance Advisor CMMC 2.0 Level 2 DFARS 252.204-7019 HTML Export No Server Required 110 NIST SP 800-171 Controls SPRS Score Calculator POA&M Tracker Evidence Locker AI Compliance Advisor CMMC 2.0 Level 2 DFARS 252.204-7019 HTML Export No Server Required
What's Included

Everything You Need for
CMMC Level 2 Readiness

ARMS is purpose-built for DoD contractors and subcontractors who need to self-assess, document, and report their NIST SP 800-171 compliance posture.

🛡️
Control Assessment
Work through all 110 NIST SP 800-171 Rev 2 controls organized by domain. Set status, add implementation notes, and assign priority for each control.
📊
SPRS Score Calculator
Automatically calculates your Supplier Performance Risk System score in real time. Generates a submission-ready summary for the DoD SPRS portal.
📋
POA&M Tracker
Log remediation tasks with owners, target dates, and priorities. Visual Gantt timeline keeps your remediation schedule on track.
🗄️
Evidence Locker
Catalog policies, screenshots, configurations, audit logs, certs, and scan reports. Tag by domain and control for audit-ready organization.
🤖
AI Compliance Advisor
Ask plain-language questions about any control. Get actionable implementation guidance and audit prep tips powered by Claude AI.
📄
Audit-Ready Reports
Export full HTML compliance reports, POA&M summaries, and SPRS score packages. Professional formatting for C3PAO submissions.
Assessment · Access Control (AC) 14 Controls
3.1.1Limit system access to authorized users, processes acting on behalf of authorized users, and devicesImplemented
3.1.2Limit system access to the types of transactions and functions that authorized users are permitted to executeImplemented
3.1.3Control the flow of CUI in accordance with approved authorizationsPartial
3.1.4Separate the duties of individuals to reduce the risk of malevolent activityPartial
3.1.5Employ the principle of least privilege, including for specific security functions and privileged accountsNot Started
Full Coverage

All 14 NIST SP 800-171
Practice Domains

Every domain from NIST SP 800-171 Rev 2 is fully covered — 110 controls total, organized and weighted for SPRS scoring.

AC
Access Control
22 controls
AT
Awareness & Training
3 controls
AU
Audit & Accountability
9 controls
CM
Configuration Mgmt
9 controls
IA
Identification & Auth
11 controls
IR
Incident Response
3 controls
MA
Maintenance
6 controls
MP
Media Protection
9 controls
PS
Personnel Security
2 controls
PE
Physical Protection
6 controls
RA
Risk Assessment
3 controls
CA
Security Assessment
4 controls
SC
System & Comm Protection
16 controls
SI
System & Info Integrity
7 controls
Simple Pricing

One Price. Yours Forever.

ARMS — Full License
$39.99
Perpetual License · No Subscription · No Renewals
All 110 NIST SP 800-171 Rev 2 controls
Real-time SPRS score calculator
POA&M tracker with Gantt view
Evidence locker & artifact catalog
AI Compliance Advisor (Claude-powered)
HTML, POA&M & SPRS exports
Single HTML file — no install, no server
All future updates included
Buy with PayPal — $39.99
After payment, your license key will be emailed within 1 business day.
Questions? [email protected]
FAQ

Common Questions

What is CMMC 2.0 Level 2 and do I need it?
CMMC 2.0 Level 2 is required for DoD contractors who handle Controlled Unclassified Information (CUI). It maps to NIST SP 800-171 Rev 2. If your contract includes DFARS clause 252.204-7012, you need to assess against these 110 controls and submit your SPRS score to the DoD portal.
Is ARMS a replacement for a C3PAO assessment?
No. ARMS is a self-assessment and readiness tool. For contracts requiring a third-party assessment, you still need a certified C3PAO. ARMS is ideal for conducting your own annual self-assessment and maintaining your SPRS score documentation.
How is the app delivered? Do I need to install anything?
ARMS is a single HTML file. After purchase you receive a license key by email. Open the app in any modern browser, enter your key, and you're in. No installation, no server, no cloud account required.
Where is my assessment data stored?
Entirely in your browser's local storage — nothing leaves your machine. You can also save your data to a local JSON file at any time using the built-in Save function (Ctrl+S), and reload it later.
Is this a subscription? Will I be charged again?
No subscription, ever. $39.99 is a one-time perpetual license. You get all future updates to ARMS at no additional cost.