Skip to main content Link Menu Expand (external link) Document Search Copy Copied
In this article:
  1. Reports by Assessment Model
    1. How to Access and Export
      1. Example Export Based on Different Model Types
        1. CMMC v2.0 Specific Reports
    2. CMMCv2 Reports
      1. System Security Plan (SSP)
      2. Plans of Actions and Milestones (POA&M):
    3. C2M2 V2.1 Reports
      1. C2M2 v2.1 Foundations MIL Report

Reports by Assessment Model

Based on security models and assessments, different types of reports are available. More report coverage is coming soon.

How to Access and Export

A report is part of the security model license issued to customers. For example, as part of the CMMC v2.0 license, customers can use the System Security Plan and Plan of Action & Milestones (POA&Ms) reports in .pdf format.

Once a user opens an assessment, the reports are available in the avatar menu of Axio360.

Example Export Based on Different Model Types

CMMC v2.0 Specific Reports

  1. With the focus on a CMMC v2.0 assessment in the assessment navigation menu, navigate to the user profile menu.

    Drop-down menu

  2. From the drop-down menu select Export POA&M Report.

  3. From the modal, select the report to export.

    Report modal

CMMCv2 Reports

System Security Plan (SSP)

The System Security Plan (SSP) report provides an overview of the security requirements and describes the practices in place or planned for implementation.

The generated .xlxs formatted report outputs a row for each practice with at least one evidence link in one of the selected assessments. The row has columns for

  • Domain,
  • Practice Name,
  • Control Name, and
  • Evidence Links.

Where:

  • Domain and Practice Name match the model file fields.
  • Evidence Links contain a new line with the assessment name for each assessment and a new line for each evidence link at that practice for that assessment.

Plans of Actions and Milestones (POA&M):

Plans of Actions and Milestones (POA&Ms) are a critical component of a CMMC compliance strategy. POA&Ms document corrective action plans for tracking and resolving information security and privacy weaknesses against CMMC requirements. The plans detail the gaps and intended remediations, resources (e.g., personnel, technology, funding) required to accomplish the plan, milestones for correcting the weaknesses, key stakeholders involved in the effort, and scheduled completion dates for the milestones.

The export action writes a .xlxs file with the following data columns:

  • Assessment Name
  • CMMC Level
  • Control Name
  • Level (including only “not met” and “partially implemented” states)
  • Target Date
  • Action Items

C2M2 V2.1 Reports

C2M2 v2.1 Foundations MIL Report

Users can create the C2M2 v2.1 Foundations MIL report after the assessment questionnaire has been completed. The report is available for download in .pdf format.

Please note:

  • The order of questions in the report differs from those in the actual assessment model.
  • Completion percentages for partially implemented domains indicate zero completion. Only Largely or Fully Implemented practices account for completion percentages by domain.
  • Decimals on percentage completion rates are always rounded down.
  • MIL reports are not available on Full C2M2 v2.1 assessments.