STIG Security Hardening Checklist Pro — CMMC Edition
Preparing for a CMMC Level 2 assessment? Your systems must be hardened — and your assessor will want proof. This tool walks your IT team through every STIG control, maps findings to the correct NIST 800-171 requirement, and generates documentation you can use directly in your System Security Plan.
WHAT IT DOES:
→ Assess security controls across 4 system types
→ Assign findings: Compliant, Non-Compliant, Not Applicable, False Positive, or Open
→ Maps findings to the relevant NIST 800-171 control requirements for CMMC compliance
→ Copy PowerShell fix scripts for instant remediation — fix issues, not just find them
→ Document evidence notes directly on each control
→ Track assets by hostname, IP, owner, and environment
→ Generate a compliance report ready for your System Security Plan (SSP) and POA&M
SYSTEMS COVERED:
→ Windows 10/11 — STIG V3R7 (March 2026)
→ Windows Server 2022 — STIG V2R8 (April 2026)
→ Cisco IOS Network Devices — STIG V3R4 / NDM V3R6 (February 2026)
→ General IT Security
Note: Windows Server 2025 STIG coverage (V1R1, March 2026) will be added in a future update.
WHO THIS IS FOR:
→ Small defense contractors preparing for CMMC Level 2 certification
→ IT managers at GovCon firms with no dedicated security staff
→ Security consultants hardening client systems for CMMC assessments
→ Any organization handling CUI that needs documented hardening evidence
HOW IT WORKS:
Download the file, open it in any browser, enter your asset details, and start your assessment immediately. No installation. No account. No API key.
Note: STIG controls are current as of Q2 2026. Always verify the latest releases at public.cyber.mil before submitting compliance documentation.
Built by PeregrinoTech — an ISSM with 15+ years of DoD experience. Every control, every mapping, and every remediation script reflects real-world hardening practice — not theory.
Military Precision. Cyber Defense. Real-World AI.