Skip to main content

Secureframe Defense for CMMC - Get started with CMMC Navigator

OverviewGetting CMMC compliant can feel overwhelming—hundreds of requirements, unclear scope, and no clear starting point. Secureframe Def...

Written by Brady Price

Overview

Getting CMMC compliant can feel overwhelming—hundreds of requirements, unclear scope, and no clear starting point. Secureframe Defense CMMC Navigator changes that with a guided experience for achieving compliance.

Instead of reading through frameworks and guessing what applies to your organization, Navigator asks the right questions upfront and builds a personalized compliance path. As you move through each section, Secureframe automatically builds your System Security Plan (SSP) and begins mapping your environment to compliance tests so you can start passing them faster.

Modules

CMMC Navigator is broken out into different modules to walk you through getting CMMC compliant.

Program Details

The Program Details module captures the foundation of your compliance program.

[Insert screenshot: Program Details module overview]

Organization Details

Enter your company information, website, and key contacts. This information will be used throughout your SSP and compliance documentation.

Company Identifiers

Provide your federal registration details:

  • System Unique Entity Identifier (UEI) – Your unique identifier from SAM.gov

  • SAM Registration – Your System for Award Management registration status

  • CAGE Code – Your Commercial and Government Entity code

System Categorization

Define what types of data your organization handles:

  • FCI – Federal Contract Information

  • CUI – Controlled Unclassified Information

  • SPD – Security Protection Data

Why this matters: Navigator uses this information to tailor your compliance path and pre-populate your SSP documentation. Accurate details here save time later.

Tech Stack Integration

Connect your systems for automatic evidence collection.

Navigator walks you through connecting your existing infrastructure so Secureframe can automatically validate configurations and collect required evidence:

  • Microsoft GCC High / Azure Government: Full support for government cloud environments

  • Google Workspace: Including CUI organizational unit setup and access controls

  • Secureframe Federal MDM

Each integration includes guided setup with step-by-step instructions, permission requirements, and verification.

Policy Management

The Policies module helps you review and publish the documented policies required for CMMC compliance. These policies define expectations and demonstrate that security requirements are met.

[Insert screenshot: Policy management module]

Steps in This Module

  1. Policy Source Selection: Choose to use Secureframe's pre-built CMMC policy templates or upload your own existing policies.

  1. Placeholder Values: Enter organization-specific details (like company name, security contacts, etc.) that will auto-populate across all policies.

  1. Review & Publish: Work through each policy with a guided review workflow. You'll see what's required, what's optional, and what's already covered.

Note: Policies are automatically linked to their corresponding CMMC requirements in your SSP. No manual mapping required.

Training

The Training module ensures your personnel complete the security training required for CMMC compliance.

[Insert screenshot: Training module vendor selection]

CMMC Navigator supports the following options:

  • Secureframe Training – Built-in courses configured directly through Navigator

  • KnowBe4 Integration – Connect your existing KnowBe4 account for automatic completion tracking

  • Third-Party Vendor – Upload completion records from any training provider

Your personnel will need to complete the following trainings. In the Navigator you will assign specific user groups to each training so that users are only required to complete what is relevant to their role.

  • Security Awareness Training

  • Role-Based Security Training

  • Incident Response Training

  • Handling CUI Training

  • Acceptable Use Training

Background Checks

The Background Checks module guides you through setting up federal background check requirements for your personnel.

[Insert screenshot: Background checks module]

What's Included

  • Guided setup for federal background check requirements

  • Integration with supported background check providers, Checkr

  • Ability to upload supporting documentation

  • Tracking for completion status across your organization

If you take advantage of the integration with Checkr, admins can initiate background checks from the Secureframe platform. The personnel will receive an email to start the process.

Invite Personnel

The final module helps you onboard team members with appropriate access and training assignments.

[Insert screenshot: Personnel invitation screen]

Use this module to:

  • Invite personnel to your Secureframe account

  • Assign appropriate access roles

  • Automatically assign required training based on their role

Frequently Asked Questions

Can I complete modules in any order?

No, you must complete the modules in sequential order. Some modules (like Training) depend on information from earlier modules (like Program Details).

What happens if I need to stop and come back later?

Your progress is automatically saved. You can return to Navigator at any time and pick up where you left off.

How do I know when I'm done?

Each module shows a completion status. When all modules are complete, your Navigator dashboard will reflect your readiness for assessment.

Related Articles

Need Help?

If you have questions while working through Navigator, contact your Customer Success Manager at [email protected].

Related Articles
Secureframe Onboarding Overview: Roles, Milestones, and Best Practices
Secureframe Virtual Desktops
Building and Managing a System Security Plan (SSP)
FAQs: FedRAMP, CMMC, and DFARS: readiness, scope, and evidence
Secureframe Framework Compliance Training
Did this answer your question?