The answer in 50 words
A CMMC readiness assessment confirms you are ready to affirm: all 15 Level 1 requirements MET, evidence captured, your SSP written, and your affirming official prepared to post to SPRS. A gap assessment finds what is missing, readiness confirms nothing is.
What Level 1 readiness looks like
All 15 requirements are MET
Level 1 is binary. Readiness means every one of the 15 FAR 52.204-21 requirements is MET, with no NOT MET and no partial, because a single NOT MET makes the whole assessment fail.
Evidence is captured for each requirement
For every requirement you can show proof: enforced 2-Step Verification, sharing restrictions, your visitor log, your flaw-remediation process. Readiness is not a claim, it is evidence you could hand a reviewer.
Your SSP is written
A System Security Plan that records how you meet each requirement. It is the document a prime, contracting officer, or DIBCAC reviewer asks to see, and it must exist before you affirm.
Your affirming official is ready to post to SPRS
A senior official who accepts responsibility for accuracy submits the annual affirmation through PIEE and SPRS. Readiness means that person has reviewed the package and is prepared to sign.
CMMC readiness assessment: FAQ
What is a CMMC readiness assessment?
A CMMC readiness assessment confirms you are actually ready to affirm compliance, rather than just started. For Level 1 it verifies that all 15 FAR 52.204-21 requirements are MET, that evidence exists for each, that your System Security Plan is written, and that your affirming official is prepared to post the affirmation to SPRS. It is the final check before you sign.
What is the difference between a gap assessment and a readiness assessment?
A gap assessment finds what is missing at the start; a readiness assessment confirms nothing is missing at the end. In practice you run a gap assessment, close the gaps, then a readiness assessment verifies you are clean and ready to affirm. A good platform does both in one continuous flow.
Do I need a third party for a Level 1 readiness assessment?
No. Level 1 is self-assessed and self-affirmed, with no C3PAO involved. You can confirm readiness yourself or with a compliance officer who reviews your package the way an assessor would. Custodia includes that review, so you sign with confidence rather than hope.
How long does it take to get ready for Level 1?
For a typical small contractor handling only FCI, days, not weeks. Most of the 15 requirements are things you already do; readiness is mostly about documenting and evidencing them correctly. Custodia gets owners to a posted affirmation in about 30 days with the officer plan, guaranteed, or the officer keeps working free until you are.
Know you are ready before you sign
Custodia confirms all 15 are MET, reviews your evidence, generates your SSP and affirmation, and, with the officer plan, checks the package the way an assessor would. Start free for 7 days, no card.