Customer Responsibility Matrix

Customer Responsibility Matrix

For CMMC 2.0 and NIST SP 800-171 Compliance Using IntelComp
(Platform Only – No CUI Processing or Storage)

Compliance Area	IntelComp Platform Provides	Customer Responsibilities
Platform Access & Configuration	Secure platform login, user management tools, and technical support.	Control user provisioning/de-provisioning; manage internal access policies.
Control Mapping & Framework Setup	Pre-loaded CMMC/NIST 800-171A control sets, assessment dashboards, and task tracking.	Define applicable compliance scope and validate that platform content aligns with your actual system boundaries.
Gap Assessment & POA&M Tools	Interactive tools to document control status, identify gaps, and track remediation.	Conduct internal assessments; populate POA&M; assign internal resources for remediation.
System Security Plan (SSP)	Editable SSP templates and structured input forms.	Complete the SSP using organization-specific architecture and configurations (do not include CUI in platform).
Policy & Procedure Document Manager	Secure document upload and version tracking (documents must not contain CUI).	Develop and maintain required policies/procedures; upload redacted versions if using IntelComp.
Evidence Management & Audit Trail	Tool for organizing, tagging, and timestamping evidence (platform does not accept or store CUI).	Maintain CUI-sensitive evidence outside IntelComp; upload only sanitized or metadata-level proof where possible.
Training Tracker	Training completion tracking and template storage (no user PII/CUI stored).	Deliver training, ensure compliance with CMMC/NIST training mandates, and retain records on secure internal systems.
Risk Assessment & Risk Management Plan (RMP)	Risk register and mitigation tracking tools.	Identify, score, and document business-specific risks without disclosing sensitive or CUI-related information.
Control Implementation Tracker	Progress dashboard per control with audit-ready status views.	Execute control implementation internally or through third-party providers; document outcomes separately.
Audit Readiness Dashboard	Summary of overall compliance progress with exportable reporting.	Use reporting to support audit preparation and stakeholder communication; maintain CUI-specific audit packages externally.
Configuration Management Tracker	Fields to record CM activities and baseline documentation (no CUI).	Document approved system changes and keep sensitive config files in secure, CUI-compliant environments.
Incident Response Tracker	Event logging fields for IR planning and non-CUI metadata.	Maintain full IR logs and incident reports on secure internal systems per CUI requirements.
Monitoring & Logging Documentation Support	Upload area for non-sensitive logs or summaries.	Conduct full system monitoring and log reviews in CUI-compliant infrastructure; use platform for metadata tracking only.
Data Backup & Retention Documentation Tools	Templates and upload areas for policy docs.	Implement backup/retention solutions according to NIST 800-171 without storing CUI in the platform.
Subscription & License Management	User/license administration and account management tools.	Maintain subscription billing info, user count, and framework selection.

CUI Disclaimer:

IntelComp does not process, store, transmit, or access Controlled Unclassified Information (CUI).
All sensitive system data, evidence containing CUI, and configuration files must be maintained in customer-controlled, CMMC-compliant environments. IntelComp is a documentation and compliance tracking platform only.

Need Help Simplifying Your Compliance Journey?

Discover how IntelComp Compliance Management System can help you achieve and maintain CMMC 2.0 compliance effortlessly.