The CMMC was developed to create a framework to assess an organization’s implementation of cybersecurity practices evenly across the defense industrial base. Each organization needs to set an SLA for risk mitigation efforts and needs the ability to report on when risks were mitigated. Tenable.sc provides the ability to view current and previous vulnerabilities detected in the network, and bring to the forefront those risk which are most exploitable.