Quickly assess whether an entity has completed a CMMC (Cybersecurity Maturity Model Certification) third-party assessment. Enter a CAGE code or a business name to get a brief status summary — certification level, date, and assessing C3PAO — and add it to a running index of entities and their current CMMC status.
cmmc-status.json) seeded with illustrative sample entries to demonstrate
the flow. On a miss it points you to public sources (Cyber AB Marketplace, SAM.gov, web
search) so you can verify, then add the confirmed entity to your running index. Verify every
result against an authoritative source before relying on it.
lookup table updated —
cmmc-status.json table or what you have added to your
index — it is not proof of certification and carries no authority. Official
CMMC status is recorded by the DoD in SPRS/eMASS and is confirmed by the assessing
C3PAO and the Cyber AB. The running index is stored only in this browser
(localStorage) on this device. Always confirm a contractor's actual CMMC level,
scope, certification date and expiry directly with the entity, its C3PAO, or the
contracting officer before making any decision. CMMC certifications are valid for three
years and may lapse.