A free, client-side CMMC 2.0 Level 2 asset scoping tool. Built by APT Security Management.
Try it live: https://asset-categorizer.aptsecuritymanagement.com
Walks you through a structured yes/no decision tree to classify every asset in your environment into the correct CMMC 2.0 scoping category:
- CUI Asset
- Security Protection Asset (SPA)
- Contractor Risk Managed Asset (CRMA)
- Specialized Asset
- or Out-of-Scope Asset.
The logic follows 32 CFR § 170.19(c)(1) Table 3 and the CMMC Scoping Guide Level 2 v2.13 (September 2024), with plain-language help text drawn directly from the regulation.
Add as many assets as you need in a single session. The category summary updates in real time. Export the completed inventory as a CSV, XLSX, or PDF for use in your SSP.
- No data is transmitted off your device
- No accounts, no logins, no telemetry
- Not a substitute for a C3PAO assessment or formal CMMC consultation
- The PDF and XLSX exports are for internal documentation; they are not formal assessment deliverables
git clone https://github.com/Apt-Security-Management/apt-asset-categorizer.git
cd apt-asset-categorizer
npm install
npm run dev
Open http://localhost:5173.
npm run build
Open dist/index.html in any browser. No internet required.
Source-available under FSL-1.1-Apache-2.0. Free to use, fork, modify, and run for any purpose other than offering this software as a competing hosted or embedded service. Converts to Apache 2.0 two years after release. See LICENSE.
This tool is a starting point. APT Security Management provides full CMMC gap assessments, SSP development, and assessment prep. Contact us at sales@aptsecuritymanagement.com or +1 844 554 2458.