CyberComply L1 is the Level 1 subscription tier of Armada Cyber Defense’s enterprise GRC (Governance, Risk, and Compliance) SaaS platform, priced at $960/year (no monthly option). It builds directly on the free CyberGAP self-assessment by importing results into a full lifecycle management system for CMMC Level 1’s 17 FAR 52.204-21 practices (58 assessment objectives), ensuring ongoing compliance for Federal Contract Information (FCI).
What is the Purpose?
CyberComply L1 deliver’s a full-lifecycle GRC platform exclusively for CMMC Level 1 compliance, empowering small-to-mid Defense Industrial Base (DIB) contractors to achieve, document, and maintain safeguarding of Federal Contract Information (FCI) without needing in-house experts or costly consultants. Developed by Armada Cyber Defense, a team of Certified CMMC Professionals (CCPs) and Assessors (CCAs), it directly tackles real-world barriers like confusing NIST/FAR requirements, fragmented documentation, and generic tools unfit for DoD specifics.
Core Objectives
- Automate L1 Self-Attestation: Handles the 17 FAR 52.204-21 practices (mapped to 58 assessment objectives), ensuring 100% MET/NA status for annual SPRS affirmations via PIEE, no POA&Ms permitted.
- Seamless Progression from CyberGAP: Imports free CyberGAP gap results into a persistent workspace, turning one-time assessments into ongoing management.
- Build Defensible Posture: Generates compliant artifacts (SSP, policies, evidence repositories) that withstand C3PAO scrutiny, while providing implementation guidance for controls like access limits (AC.L1-3.1.1) or flaw remediation (SI.L1-3.14.2).
- Support DIB Ecosystem: Multi-tenant for MSPs/MSSPs (35% profit share); scales for consultants serving multiple clients.
Who It’s For and Why
CyberComply L1 is designed for Defense Industrial Base (DIB) organizations handling Federal Contract Information (FCI) who need an affordable, automated way to meet CMMC Level 1’s foundational cyber hygiene requirements. It’s particularly suited for small-to-medium businesses (SMBs), primes, subs, and service providers lacking dedicated compliance teams.
Primary Users
- Prime Contractors: Direct DoD partners processing/storing/transmitting FCI; must self-attest annually in SPRS via PIEE to keep contracts.
- Subcontractors/Vendors: Flow-down recipients of FCI from primes; -63% of DIB estimated at L1 (hundreds of thousands of firms).
- Managed Service Providers (MSPs/MSSPs): Multi-tenant support with 35% profit share; manage client instances.
- Cloud Service Providers (CSPs): Those enabling FCI access/storage (non-COTS sellers exempt).
- Consultants/OSAs: Leverage for client work; collaboration features for teams/advisors.
Why They Need It
- Pain Relief: Addresses collaboration (team/external sharing), evidence overload, and audit prep that is built by CCPs/CCAs for real DIB workflows.
- Regulatory Mandate: DFARS 7012 requires L1 self-assessments for FCI contracts (effective Nov 2025+); non-compliance risks bid rejection or termination.
- Expertise Gap: SMBs often lack CMMC-savvy staff, tool provides preloaded controls, templates, SSP automation vs. manual spreadsheets.
- Efficiency for Basics: 17 practices are basic hygiene but tedious to document; CyberComply cuts weeks to days at $960/yr vs. $5K+ consultants.
- Growth Path: Post-L1, upgrade to L2 without rework; preserves evidence/tasks for CUI handling.
What are the benefits?
CyberComply L1 offers targeted benefits for CMMC Level 1 compliance, focusing on efficiency, accuracy, and cost savings for DIB contractors handling FCI. It preloads the exact 17 FAR 52.204-21 practices, automates documentation, and streamlines self-attestations to protect contracts.
- CyberComply L1 eliminates manual data entry errors by providing preloaded controls, saving hours on setup.
- It centralizes evidence and tasks in visual dashboards, ensuring accountability and progress tracking for remediation.
- Auto-generates compliant SSPs from your inputs, cutting creation time while allowing customization.
How It Fulfills the Purpose Step-by-Step
- Onboarding: Sign up post-CyberGAP; get containerized L1 instance with preloaded controls, policies, and SSP skeleton.
- Gap Closure: Interactive reassessment flags unmet items; assign tasks.
- Documentation: Upload evidence per control (logs, configs); auto-generates SSP sections.
- Management: Dashboards track status; role-based access (Super Admin, Viewer, Editor).
- Affirmation: Export SPRS-ready reports yearly; prorated credit to upgrade to L2.
- Sustainment: Back-office support (monitoring, provisioning); optional CCP consulting.
