Consulting Deliverables Library
Premium templates and sample reports developed by our cybersecurity consultants. Each deliverable is available as a branded sample PDF and an editable Word template ready for client engagements.
Engagement Template Map
Which documents to use at each phase of a CMMC Level 2 engagement. Follow the playbook for process; use the templates for deliverables.
- Scoping Questionnaire
- NDA Template
- Capability Brief
- Document Request List
- Client Comms Templates
- CMMC Gap Assessment
- Vendor Questionnaire
- QA Checklist
- SSP (110 Controls)
- POA&M Template
- V-CISO Report
- IR Plan Template
- TPRM Assessment
- POA&M Template
- SSP (Final)
- Gap Assessment
- QA Checklist
Reference the CMMC Engagement Playbook for detailed step-by-step procedures at each phase
CMMC & Compliance
Mission-critical compliance documentation for defense contractors and regulated industries
CMMC Gap Assessment Report
CMMC Level 2 readiness assessment with SPRS scoring, risk heat map, and prioritized remediation roadmap. Now includes 25+ sample findings with real-world gap descriptions, evidence references, cost estimates, and remediation recommendations.
System Security Plan (SSP)
Complete SSP with all 110 NIST 800-171 Rev 2 controls — each with requirement text, implementation status fields, sample implementation language, evidence references, and responsible entities. Includes system boundary, SPRS scoring, and stakeholder documentation.
Plan of Action & Milestones (POA&M)
CMMC 2.0 compliant POA&M template with conditional certification rules, 180-day remediation tracking, resource planning, and milestone management.
Engagement Tools
Working artifacts for client engagements — questionnaires, checklists, and assessment tools referenced by the playbooks
CMMC Scoping Questionnaire
Pre-engagement questionnaire for CMMC Level 2 assessments. Covers organization profile, contract landscape, CUI environment, IT infrastructure, existing documentation, personnel, and timeline. Send within 24 hours of discovery call.
Document Request List
Comprehensive evidence collection checklist with 118 items across 15 categories mapped to all 110 NIST 800-171 controls. Tracks collection status, dates received, and missing documentation gaps.
Vendor Risk Assessment Questionnaire
10-section third-party security questionnaire for CUI subcontractors. Covers compliance status, CUI handling, access control, security operations, encryption, incident response, and personnel security with built-in scoring methodology.
Security Operations
Operational security templates for continuous monitoring, incident management, and risk assessment
V-CISO Monthly Report
Executive security posture report with dashboard metrics, CMMC progress tracking, threat landscape analysis, vulnerability trends, and strategic recommendations.
Incident Response Plan
NIST SP 800-61 incident response plan with DFARS 252.204-7012 compliance, DCISE reporting procedures, CUI handling protocols, and tabletop exercise scenarios.
Third-Party Risk Management Assessment
SCF-based vendor risk assessment with 49-question security questionnaire across 8 domains, risk scoring methodology, and remediation tracking.
Legal & Agreements
Contract templates and legal frameworks for defense and federal engagements
Mutual Non-Disclosure Agreement
CUI-specific mutual NDA with DFARS compliance provisions, 72-hour incident reporting obligations, and controlled unclassified information handling requirements.
Federal Teaming Agreement
Federal teaming agreement template with SDVOSB provisions, SBA compliance, work share allocation, and flow-down FAR/DFARS clauses.
Staffing & Operations
Staffing engagement documentation and operational process guides
Staffing Master Service Agreement
Master staffing services agreement with 90-day guarantee, conversion fee schedules, SOW template, compliance requirements, and performance SLAs.
Candidate Vetting Process
Six-stage candidate vetting pipeline with sourcing channels, screening criteria, technical assessments, clearance verification, and quality metrics.
Executive
High-level capability overviews and strategic engagement materials
Executive Capability Brief
Two-page executive overview of Dominus Gray's capabilities, service offerings, differentiators, CMMC timeline, and engagement model.
Operational Playbooks
Internal standard operating procedures, engagement playbooks, and quality standards for service delivery
CMMC Engagement Playbook
End-to-end SOP for CMMC Level 2 assessments — pre-sales through C3PAO preparation with scoping checklists, control family assessment guide, SPRS scoring, and remediation advisory procedures.
V-CISO Operations Playbook
Monthly operating cadence for V-CISO retainers — onboarding workflow, weekly activity structure, KPI tracking, QBR agenda, incident escalation, and technology stack recommendations.
Incident Response Retainer Playbook
IR retainer management SOP — client onboarding, incident activation protocol, severity classification, containment procedures, DCISE reporting, post-incident review, and tabletop exercise guide.
TPRM Engagement Playbook
Third-party risk management delivery process — vendor inventory, risk categorization, 49-question assessment workflow, scoring methodology, remediation tracking, and program build deliverables.
Staffing Operations Playbook
Cleared cybersecurity staffing SOP — client intake, sourcing strategy, 6-stage vetting pipeline, interview coordination, onboarding, milestone check-ins, billing, and SDVOSB compliance.
Quality Assurance Checklist
Pre-delivery review checklist covering document completeness, placeholder removal, accuracy verification, formatting standards, writing quality, technical accuracy, and security handling.
Client Communication Templates
Standardized email templates for the full engagement lifecycle — discovery follow-up, proposals, kickoff invitations, document requests, status reports, deliverable transmittals, and incident activation.