What’s Included

What’s Included in Artifact Factory

The Artifact Factory CMMC Level 2 Documentation Package includes 166 professionally structured documents designed to support organizations preparing for CMMC Level 2 assessments. These documents span policies, procedures, plans, logs, registers, diagrams, and supporting artifacts aligned with CMMC Level 2 and NIST SP 800-171 requirements. This page provides a transparent breakdown of exactly what is included in the package so organizations can evaluate scope, depth, and suitability prior to purchase.

166 Total Documents
A comprehensive documentation inventory covering governance, operational processes, and assessment readiness.
Organized by Category
Documents are grouped into logical categories to support scoping, tailoring, and long-term maintainability.
Editable and Reusable
All documentation is delivered in editable formats and designed to be reused as part of an ongoing compliance program.

Documentation Categories

The Artifact Factory documentation package is organized into clearly defined categories. Each category serves a specific role in supporting CMMC Level 2 preparation and assessment readiness.

Organizations can focus on documents relevant to their system scope while maintaining the full set as a structured compliance baseline.

Policies (14 documents)

Core policy documents that establish organizational security expectations, governance, and management intent for CMMC Level 2 environments.

These policies define high-level requirements and provide the foundation for supporting procedures, plans, and operational activities across the compliance program.

Procedures (55 documents)

Detailed operational procedures describing how security controls are implemented, managed, reviewed, and maintained in practice.

These documents translate policy requirements into repeatable, auditable processes aligned with CMMC Level 2 and NIST SP 800-171 expectations.

Plans (42 documents)

Formal plans supporting key security and compliance activities, including risk management, incident response, contingency planning, continuous improvement, and program oversight.

These plans provide structure for how the organization prepares for, responds to, and manages security events and compliance obligations.

Forms & Logs (24 documents)

Standardized forms and logging templates used to record evidence of ongoing compliance activities, approvals, reviews, monitoring actions, and corrective measures.

These artifacts support auditability and demonstrate consistent execution of documented procedures.

Diagrams (8 documents)

Visual diagrams supporting system understanding, boundary definition, data flows, and architectural context relevant to CMMC scoping and assessment discussions.

These diagrams assist both internal stakeholders and assessors in understanding the system environment.

Control Mapping (1 document)

A structured control-mapping reference aligning documentation artifacts to applicable CMMC Level 2 and NIST SP 800-171 requirements.

This document supports traceability and helps organizations understand how documentation aligns to specific assessment objectives.

Annual Review Kit (12 documents)

Documentation and templates designed to support ongoing compliance reviews, periodic assessments, and program maintenance activities.

These materials help organizations demonstrate continuous oversight and improvement beyond initial certification preparation.

Pre-Assessment Package (8 documents)

Supporting documentation intended to assist organizations in preparing for formal assessment activities.

These artifacts help organize evidence, validate readiness, and streamline interactions with assessors during pre-assessment and assessment phases.

System Security Plan (SSP) (1 document)

A structured System Security Plan template designed to support CMMC Level 2 scoping, system description, control implementation summaries, and assessment readiness.

This document serves as a central reference for the organization’s security posture.

Read Me & Orientation Materials (1 document)

Introductory documentation providing guidance on package structure, intended use, and recommended next steps for tailoring and implementation.

How Organizations Use This Documentation

While the Artifact Factory package includes 166 documents, organizations are not expected to deploy every document verbatim.

The documentation is designed to be tailored based on system scope, operational maturity, and assessment strategy. Many organizations selectively implement documents based on relevance while maintaining the full set as a structured compliance baseline.

This approach supports both focused implementation and long-term program maturity.

Why This Level of Documentation Matters

Developing this volume of structured, assessment-aligned documentation typically requires hundreds of hours of compliance work. Artifact Factory provides this foundation upfront, allowing organizations to focus time and resources on implementation rather than document creation.

The documentation is designed to be reusable, maintainable, and adaptable as organizational needs evolve.

Access the Complete Documentation Package

View pricing, delivery details, and purchase options for the Artifact Factory CMMC Level 2 Documentation Package.

View the Documentation Package

Important Notes

Artifact Factory provides documentation templates and supporting materials only. Purchase does not guarantee CMMC certification or assessment outcomes. Organizations remain responsible for tailoring documentation, implementing controls, and preparing for assessment.