The CMMC compliance platform built for on-premises. Assess all 110 NIST 800-171 controls, track evidence, generate your SSP, and prepare for C3PAO assessment — entirely on your machine.
All 110 NIST 800-171 Rev 2 controls across 14 families. Track implementation status, objectives, evidence, and responsible parties for every control.
Per-control compliance tracking with Compliant / Non-Compliant / Not Assessed dropdowns. Auto-marks controls as implemented when all objectives pass.
Generate a complete System Security Plan from your control data. Export as professional DOCX, PDF, or plaintext — ready for assessor review.
Upload any file type as evidence. Maintain an evidence library with dropdown selection per control. Map every artifact to its controls and objectives.
Inspector-ready evidence package mapping every artifact to its controls and objectives. Identifies gaps where evidence is missing. Built for C3PAO presentations.
Plan of Action & Milestones tracker with deadlines, risk levels, remediation plans, and responsible parties. Filter by status, track overdue items.
Full compliance report, gap analysis, family scorecard, objectives report, and executive summary. Export everything as CSV, PDF, or DOCX.
Manage multiple client profiles with separate assessment data. Switch between clients instantly. Perfect for MSPs and consultants.
Install on your own Windows or Linux machine. ASAR integrity verification, Ed25519-signed updates, machine-unique encryption, Chromium hardened with 13 security switches. Your CUI data never touches a third-party cloud.
No FedRAMP authorization needed — it's your machine
No SOC 2 dependency — you control the security
Works offline — no internet required after activation
$59.99/mo founders rate — all 3 CMMC levels vs $5K–15K/yr SaaS
22 hardened security controls — ASAR integrity, Ed25519 signing, encrypted storage
Certmoat™ covers all three CMMC levels at one flat rate. Level 1 (17 foundational practices), Level 2 (all 110 NIST 800-171 controls), and Level 3 (expert-level compliance) — all included, no tiers.
No. Certmoat™ is a desktop application that runs entirely on your machine. Your assessment data, evidence, SSP documents, and CUI-related information never leave your network. The only outbound connection is a periodic license validation check.
Certmoat™ is available for Windows (10/11, 64-bit) and Linux (Ubuntu/Debian). Installers are provided as .exe for Windows and .deb for Linux distributions.
Founders pricing is $59.99/month — all three CMMC levels included, no tiers, no upsells. This rate is locked in for the first 50 subscribers. General pricing will be $149/month. Most SaaS CMMC tools charge $5,000–$15,000/year with your data on their servers.
Yes. Certmoat™ supports multiple client profiles, each with its own separate assessment data, evidence library, and compliance status. Switch between clients instantly — ideal for MSPs and compliance consultants.
Yes. The SSP Builder generates a complete System Security Plan from your control implementation data. It exports as a professionally formatted Word document (.docx), PDF, or plain text — ready to hand directly to your C3PAO assessor.
Your assessment data remains on your machine — it's never deleted. However, the application will require a valid license to continue operating. There's a 7-day offline grace period for connectivity issues. Renew your subscription to regain access.