Customer Responsibility Matrix

For CMMC 2.0 and NIST SP 800-171 Compliance Using IntelComp

(Platform Only – No CUI Processing or Storage)

Compliance Area IntelComp Platform Provides Customer Responsibilities
Platform Access & Configuration Secure platform login, user management tools, and technical support. Control user provisioning/de-provisioning; manage internal access policies.
Control Mapping & Framework Setup Pre-loaded CMMC/NIST 800-171A control sets, assessment dashboards, and task tracking. Define applicable compliance scope and validate that platform content aligns with your actual system boundaries.
Gap Assessment & POA&M Tools Interactive tools to document control status, identify gaps, and track remediation. Conduct internal assessments; populate POA&M; assign internal resources for remediation.
System Security Plan (SSP) Editable SSP templates and structured input forms. Complete the SSP using organization-specific architecture and configurations (do not include CUI in platform).
Policy & Procedure Document Manager Secure document upload and version tracking (documents must not contain CUI). Develop and maintain required policies/procedures; upload redacted versions if using IntelComp.
Evidence Management & Audit Trail Tool for organizing, tagging, and timestamping evidence (platform does not accept or store CUI). Maintain CUI-sensitive evidence outside IntelComp; upload only sanitized or metadata-level proof where possible.
Training Tracker Training completion tracking and template storage (no user PII/CUI stored). Deliver training, ensure compliance with CMMC/NIST training mandates, and retain records on secure internal systems.
Risk Assessment & Risk Management Plan (RMP) Risk register and mitigation tracking tools. Identify, score, and document business-specific risks without disclosing sensitive or CUI-related information.
Control Implementation Tracker Progress dashboard per control with audit-ready status views. Execute control implementation internally or through third-party providers; document outcomes separately.
Audit Readiness Dashboard Summary of overall compliance progress with exportable reporting. Use reporting to support audit preparation and stakeholder communication; maintain CUI-specific audit packages externally.
Configuration Management Tracker Fields to record CM activities and baseline documentation (no CUI). Document approved system changes and keep sensitive config files in secure, CUI-compliant environments.
Incident Response Tracker Event logging fields for IR planning and non-CUI metadata. Maintain full IR logs and incident reports on secure internal systems per CUI requirements.
Monitoring & Logging Documentation Support Upload area for non-sensitive logs or summaries. Conduct full system monitoring and log reviews in CUI-compliant infrastructure; use platform for metadata tracking only.
Data Backup & Retention Documentation Tools Templates and upload areas for policy docs. Implement backup/retention solutions according to NIST 800-171 without storing CUI in the platform.
Subscription & License Management User/license administration and account management tools. Maintain subscription billing info, user count, and framework selection.

CUI Disclaimer:

IntelComp does not process, store, transmit, or access Controlled Unclassified Information (CUI).

All sensitive system data, evidence containing CUI, and configuration files must be maintained in customer-controlled, CMMC-compliant environments. IntelComp is a documentation and compliance tracking platform only.

Need Help Simplifying Your Compliance Journey?

Discover how IntelComp Compliance Management System can help you achieve and maintain CMMC 2.0 compliance effortlessly.

Get Free 90-day Compliance Management Software