SSP + POA&M Generator
The single artifact every CMMC C3PAO opens at the assessment — System Security Plan and Plan of Action & Milestones, generated from your control data, ready to hand to the auditor.
Try SSP + POA&M Generator
One email unlocks all 13 AC5 Labs demos for 30 days. Public sample data, fully interactive, no signup required after this step. We use your email only to follow up with engagement options.
MVP 14 demo · sample data only · one email unlocks all 13 tools for 30 days.
The pain
Every CMMC Level 2 assessment requires an SSP and POA&M in a specific format. Most contractors author these in Word, lose the version history, and end up with a 60-page document that drifts from reality the day it is finalized. The C3PAO opens it first; if it is wrong, the assessment is over.
What gets built
- Pre-loaded NIST 800-171 Rev 2 control library with editable implementation narratives
- POA&M tracking: weakness → mitigation → target completion → responsible party
- One-click SSP generation: Word + PDF, assessor-ready format with cover, classification banner, full control writeups
- POA&M generation in OSCAL-aligned format compatible with eMASS / DoD systems
- Version history: every generation timestamped and archived
- Live preview before download — no surprises at the assessment
Stack
- Same Next.js stack as MVP 01
- Pandoc for DOCX/PDF
- OSCAL-aligned schema
Effort to ship
3 weeks for v1 (extends MVP 01)
Try SSP + POA&M Generator
One email unlocks all 13 AC5 Labs demos for 30 days. Public sample data, fully interactive, no signup required after this step. We use your email only to follow up with engagement options.
MVP 14 demo · sample data only · one email unlocks all 13 tools for 30 days.