CyberGAP L1 & L2 by Armada Cyber Defense

CyberGAP L1 & L2 by Armada Cyber Defense is a tool that helps Department of Defense contractors get ready for Cybersecurity Maturity Model Certification (CMMC). It is especially useful for medium-sized defense contractors, who need a simple way to see where their cybersecurity must improve to meet the requirements.

The tool asks questions in plain language, which makes it usable by organizations that do not have a cybersecurity team. Users go through a step-by-step evaluation based on CMMC practices that shows where their security program stands now. The system guides contractors through each required control one at a time and helps them find what is missing, what is incomplete and what needs to be improved.

CyberGAP L1 & L2 has a built-in SPRS-style scoring capability that automates the step between completing the assessments and declaring your readiness level. The assessment is scored automatically using the same methodology the DoD uses (Supplier Performance Risk System, SPRS), which gives contractors a realistic sense of where they stand and what needs to be remedied before anything is formally submitted and before facing a compliance auditor during certification.

Along with the scoring, the platform produces comprehensive gap analysis reports that identify weaknesses across the cybersecurity domain and provide actionable remediation roadmaps to help your organization improve its compliance level over time. Use the findings to develop internal security improvement plans, allocate resources, and prepare documentation for your next CMMC assessment.

In addition, CyberGAP L1 & L2 helps organizations build long-term cybersecurity maturity by promoting continuous assessment and advancement. The platform lets businesses take a structured approach to managing and strengthening their security controls, rather than treating compliance as a one-off task. Through automated scoring, streamlined assessments, and remediation guidance that cuts through the complexity that often comes with cybersecurity regulations, CyberGAP offers DoD contractors a practical way to get started on, and stay on, the path to CMMC compliance.

What CyberGAP L1 & L2 does

CyberGAP L1 & L2 performs a free, automated self-assessment of your organization’s cybersecurity maturity against CMMC Level 1 and Level 2 requirements. It guides users through plain-language questions for each control, calculates an SPRS-style score, identifies gaps, and generates remediation reports. CyberGAP evaluates implementation status (MET, NOT MET, or NA) across relevant CMMC domains, automating what would otherwise be manual spreadsheet work.
    • For Level 1, it checks 17 basic practices from FAR 52.204-21, ensuring no gaps (pass/fail only and no POA&Ms).
    • For Level 2, it covers all 110 NIST SP 800-171 Rev 2 controls across 14 families, allowing limited POA&Ms and producing weighted scores (-203 to +110).

    Key Capabilities by Level

    | Function | CMMC Level 1 | CMMC Level 2 |
    |---|---|---|
    | Primary Goal | Safeguard Federal Contract Information (FCI) with basic hygiene | Protect Controlled Unclassified Information (CUI) with documented processes |
    | Controls Checked | 17 practices (e.g., AC.L1-3.1.1: Authorize access; SI.L1-3.14.5: Scan files/systems) | 110 requirements (e.g., AC.L2-3.1.1-22: Advanced access; IR.L2-3.6.1: Incident response planning) |
    | Scoring Output | 100% MET/NA required; simple pass/fail report | SPRS score + gap analysis; POA&Ms for unmet items (180-day limit) |
    | Domains Covered | 6 families (Access Control, Awareness, Media Protection, Physical Protection, System Integrity) | 14 families (+ Audit, Configuration Management, Incident Response, Risk Assessment, etc.) |
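
The pass/fail and weighted-score logic described above, sketched as an added example (this is not CyberGAP's code). The per-control weights, the sample answers and the control id ZZ.L2-9.9.9 are constructed assumptions; only the 110 starting score, the MET/NOT MET/NA statuses and the 180-day POA&M limit come from the page.

```python
from datetime import date, timedelta

MAX_SCORE = 110        # Level 2 starting score (page range: -203 to +110)
POAM_LIMIT_DAYS = 180  # POA&M window stated on the page
STATUSES = {"MET", "NOT MET", "NA"}

# Constructed answers. Weights are illustrative assumptions, and
# ZZ.L2-9.9.9 is a hypothetical placeholder control id.
SAMPLE = [
    # (control id, level, status, assumed deduction weight)
    ("AC.L1-3.1.1", 1, "MET", 5),
    ("SI.L1-3.14.5", 1, "NOT MET", 3),
    ("IR.L2-3.6.1", 2, "NOT MET", 5),
    ("ZZ.L2-9.9.9", 2, "NA", 1),
]

def check(answers):
    """Reject unanswered or mistyped statuses instead of scoring them as MET."""
    for cid, _level, status, _weight in answers:
        if status not in STATUSES:
            raise ValueError(f"{cid}: invalid status {status!r}")

def gaps(answers, level):
    """NOT MET controls in scope for `level`, largest deduction first."""
    found = [a for a in answers if a[1] <= level and a[2] == "NOT MET"]
    return sorted(found, key=lambda a: -a[3])

def assess_level1(answers):
    """Pass/fail: every Level 1 practice must be MET or NA, no POA&Ms."""
    check(answers)
    open_items = gaps(answers, 1)
    return {"passed": not open_items, "gaps": [a[0] for a in open_items]}

def assess_level2(answers, assessed_on):
    """SPRS-style score: start at 110, subtract the weight of each NOT MET."""
    check(answers)
    open_items = gaps(answers, 2)
    due = assessed_on + timedelta(days=POAM_LIMIT_DAYS)
    return {
        "score": MAX_SCORE - sum(a[3] for a in open_items),
        "poam": [(a[0], due.isoformat()) for a in open_items],
    }

if __name__ == "__main__":
    print(assess_level1(SAMPLE))
    print(assess_level2(SAMPLE, date(2025, 1, 1)))
```
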


    Detailed Purpose and Benefits

    The tool exists to streamline CMMC readiness scoping and gap analysis for organizations handling Federal Contract Information (FCI) at Level 1 or Controlled Unclassified Information (CUI) at Level 2. It breaks down the 17 Level 1 practices (FAR 52.204-21) or 110 Level 2 controls (NIST SP 800-171) into user-friendly, plain-language questions that anyone in IT/security can answer by reviewing policies, interviewing staff, or checking configs/logs. Ultimately, it generates an SPRS-eligible score and report to submit via PIEE, helping maintain contract eligibility while guiding remediation, acting as a lite version before full GRC platforms like CyberComply.
      • Cost-Free Baseline: No signup fees or subscriptions; instant access to a professional-grade assessment worth thousands in consulting time.
      • Time Efficiency: Completes in hours/days vs. weeks for manual processes; auto-scores and prioritizes fixes.
      • Actionable Outputs: Detailed PDF reports with gap lists, remediation templates, and progress tracking that are directly uploadable to SPRS for annual affirmations.
      • Risk Reduction: Prevents surprises in C3PAO audits by surfacing issues early; Level 1 ensures 100% compliance, Level 2 flags POA&Ms (limited to 180 days).
      • Scalability Path: Seamless import to Armada’s CyberComply for evidence management, SSPs, and mock audits is ideal for growing from self-assessment to certification.

      How to Use It:

        • Access and Register: Visit the official website, enter your organization details, and select Level 1 or Level 2. No cost or credit card needed.
        • Scope Your Assessment: Define your authorization boundary. Document network diagrams if needed.
        • Answer Controls: For each domain, respond YES/NO/NA to implementation questions like “Do you limit system access to authorized users?” Examine policies, configs, logs, and interview admins.
        • Review Results: Get an instant gap report, SPRS score, and prioritized fixes. Export a PDF for SPRS upload via PIEE (requires Cyber Vendor User role).
        • Remediate and Reassess: Fix gaps, re-run assessments (Level 1 expires yearly). Migrate to CyberComply for task dashboards and evidence.

        Final Thoughts

        Cyber insurance is essential for businesses to protect against costly cyberattacks like ransomware and data breaches, covering recovery, legal fees, and lost income that standard policies often miss. Tools like CyberGAP L1 and L2 from Armada Cyber Defense offer free self-assessments to check compliance with key cybersecurity standards, such as CMMC for defense contractors, highlighting gaps for quick fixes. Together, they provide a smart strategy: use compliance tools to strengthen defenses and lower premiums, then secure insurance via brokers for full financial safety. Start with a risk check today to stay ahead of 2026 threats.

        FAQs

        What is CyberGAP?

        A no-cost online questionnaire that scores your CMMC Level 1 (17 controls) or Level 2 (110 controls) gaps for SPRS submission.

        Is it free or paid?

        Completely free; no login required for basic use, and it generates instant reports.

        What’s the difference between L1 and L2 in CyberGAP?

        L1 self-assesses basic FCI protections, whereas L2 dives into full NIST 800-171 for CUI, flagging POA&Ms.

        How long does it take?

        It takes about 5-15 minutes per level.
