Evaluates code-level controls aligned with CMMC Level 1 (FAR 52.204-21) — access control, identification and authentication, system protection, communications security, and information integrity for projects handling Federal Contract Information (FCI).
This audit covers 17 of 17 CMMC Level 1 practices. Four Physical Protection practices (PE.L1-3.10.1 through PE.L1-3.10.5) are included but automatically skipped — they require physical facility inspection and cannot be verified through code analysis. A passing score on this audit means your codebase meets the code-inspectable CMMC L1 requirements, but full certification also requires physical security controls assessed separately.
Total Checks: 21
Delivery Formats: 3
Categories: 4
Versions: 2
2026-04-02: Anti-sycophancy hardening: standardized check headers to #### Check: format, added enumeration requirements to all 21 checks, numeric thresholds throughout, 4 cross-references, quoting requirements, negative guardrails, measurement-on-pass reporting. Expanded physical protection checks with documentation references and remediation code blocks. Fixed bare-minimum manifest tolerance to all exact.
2026-03-15: Initial release — 21 checks across 6 CMMC Level 1 domains
Picked by pack overlap with this audit.
Evaluates frontend security controls aligned with NIST 800-53, authentication strength, audit logging, continuous monitoring readiness, and incident response documentation.
Evaluates 21st Century IDEA Act compliance, plain language usage, required pages and links, USWDS pattern alignment, and digital analytics readiness.
Evaluates WCAG 2.1 AA compliance, Section 508 E-series requirements, assistive technology compatibility, document accessibility, and VPAT readiness for government web applications.
1. Copy the prompt in your preferred format above.
2. Paste into your AI coding tool (Claude Code, Cursor, Bolt, etc.).
3. Let the AI run all checks. Review the structured JSON output it produces.
4. Submit the JSON telemetry block to AuditBuffet for scoring and benchmarks.