CMMC Budgeting Tool
Continuous MonitoringWorkload Calculator
Calculate the real hours and FTE required for CMMC continuous monitoring across all 320 assessment objectives. Model vendor coverage, adjust review times, and plan your compliance workload.
From BomberJacket Networks | Also try: CMMC Budget Planner / CMMC ROI Calculator / ConMon Site User Guide
Workload Planning Matters
Organizations underestimate CMMC continuous monitoring effort by 40-60%. Use this calculator to right-size your compliance team before assessment.
SELECTED OBJECTIVES
320
ANNUAL HOURS
565
Hours per year
FTE ESTIMATE
0.27
Full-time equivalents
SELECTED AOs COST
$26,508
Based on role rates
Hours by Frequency
monthly
228 hrs
weekly
138.7 hrs
quarterly
133.3 hrs
annual
38 hrs
bi-annual
19.3 hrs
quarterly/event-driven
6.7 hrs
event-driven
0.8 hrs
annual/event-driven
0.7 hrs
Hours by Family (Top 10)
AC
122.3 hrs
AU
111 hrs
CM
65.3 hrs
SI
62.3 hrs
SC
61 hrs
IA
59 hrs
MA
14.8 hrs
RA
14.3 hrs
PE
13.7 hrs
IR
12.7 hrs
Cost by Role
IT Admin207 obj · 371 hrs
$16,718
HR33 obj · 115 hrs
$4,587
Supervisor57 obj · 58 hrs
$3,208
CXO23 obj · 21 hrs
$1,995
Loading vendor library...
Contractor Users in CUI Environment
Select how many employees access your CUI environment. Larger teams require more review time per objective. Values can be manually overridden per AO.
Download Your Continuous Monitoring Report
PDF summary of contractor objectives and annual hours
All Objectives
Showing 1-80 of 320 objectives
| Description | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 3.1.1[a] | L1 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | authorized users are identified. |
| 3.1.1[b] | L1 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | processes acting on behalf of... |
| 3.1.1[c] | L1 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | devices (and other systems) authorized... |
| 3.1.1[d] | L1 | AC | Contractor | IT Admin | Config, Logs & Test | Monthly | min | 4.00 | system access is limited to... |
| 3.1.1[e] | L1 | AC | Contractor | IT Admin | Config, Logs & Test | Monthly | min | 4.00 | system access is limited to... |
| 3.1.1[f] | L1 | AC | Contractor | IT Admin | Config, Logs & Test | Monthly | min | 4.00 | system access is limited to... |
| 3.1.2[a] | L1 | AC | Contractor | Supervisor | Document Review/Approve | Annually | min | 0.33 | the types of transactions and... |
| 3.1.2[b] | L1 | AC | Contractor | Supervisor | Config, Logs & Test | Quarterly | min | 1.33 | system access is limited to... |
| 3.1.3[a] | L2 | AC | Contractor | Supervisor | Document Review/Approve | Annually | min | 0.33 | information flow control policies are... |
| 3.1.3[b] | L2 | AC | Contractor | Supervisor | Document Review/Approve | Annually | min | 0.33 | methods and enforcement mechanisms for... |
| 3.1.3[c] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Quarterly / Event-Driven | min | 1.33 | designated sources and destinations (e.g.,... |
| 3.1.3[d] | L2 | AC | Contractor | Supervisor | Document Review/Approve | Annually | min | 0.33 | authorizations for controlling the flow... |
| 3.1.3[e] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Quarterly | min | 1.33 | approved authorizations for controlling the... |
| 3.1.4[a] | L2 | AC | Contractor | Supervisor | Document Review/Approve | Annually | min | 0.33 | the duties of individuals requiring... |
| 3.1.4[b] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Quarterly | min | 1.33 | responsibilities for duties that require... |
| 3.1.4[c] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Monthly | min | 4.00 | access privileges that enable individuals... |
| 3.1.5[a] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Monthly | min | 4.00 | privileged accounts are identified. |
| 3.1.5[b] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Monthly | min | 4.00 | access to privileged accounts is... |
| 3.1.5[c] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Monthly | min | 4.00 | security functions are identified. |
| 3.1.5[d] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Quarterly | min | 1.33 | access to security functions is... |
| 3.1.6[a] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Monthly | min | 4.00 | nonsecurity functions are identified. |
| 3.1.6[b] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Monthly | min | 4.00 | users are required to use... |
| 3.1.7[a] | L2 | AC | Contractor | Supervisor | Document Review/Approve | Monthly | min | 4.00 | privileged functions are defined. |
| 3.1.7[b] | L2 | AC | Contractor | Supervisor | Document Review/Approve | Monthly | min | 4.00 | non-privileged users are defined. |
| 3.1.7[c] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Monthly | min | 4.00 | non-privileged users are prevented from... |
| 3.1.7[d] | L2 | AC | Contractor | IT Admin | Logs | Weekly | min | 17.33 | the execution of privileged functions... |
| 3.1.8[a] | L2 | AC | Contractor | Supervisor | Document Review/Approve | Annually | min | 0.33 | the means of limiting unsuccessful... |
| 3.1.8[b] | L2 | AC | Contractor | Supervisor | Config, Logs & Test | Quarterly | min | 1.33 | the defined means of limiting... |
| 3.1.9[a] | L2 | AC | Contractor | Supervisor | Document Review/Approve | Annually | min | 0.33 | privacy and security notices required... |
| 3.1.9[b] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Quarterly | min | 1.33 | privacy and security notices are... |
| 3.1.10[a] | L2 | AC | Contractor | Supervisor | Document Review/Approve | Annually | min | 0.33 | the period of inactivity after... |
| 3.1.10[b] | L2 | AC | Contractor | Supervisor | Config, Logs & Test | Quarterly | min | 1.33 | access to the system and... |
| 3.1.10[c] | L2 | AC | Contractor | Supervisor | Config, Logs & Test | Quarterly | min | 1.33 | previously visible information is concealed... |
| 3.1.11[a] | L2 | AC | Contractor | Supervisor | Document Review/Approve | Annually | min | 0.33 | conditions requiring a user session... |
| 3.1.11[b] | L2 | AC | Contractor | Supervisor | Config, Logs & Test | Quarterly | min | 1.33 | a user session is automatically... |
| 3.1.12[a] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | remote access sessions are permitted. |
| 3.1.12[b] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | the types of permitted remote... |
| 3.1.12[c] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Quarterly | min | 1.33 | remote access sessions are controlled. |
| 3.1.12[d] | L2 | AC | Contractor | IT Admin | Logs | Monthly | min | 4.00 | remote access sessions are monitored. |
| 3.1.13[a] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | cryptographic mechanisms to protect the... |
| 3.1.13[b] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Quarterly | min | 1.33 | cryptographic mechanisms to protect the... |
| 3.1.14[a] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | managed access control points are... |
| 3.1.14[b] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Quarterly | min | 1.33 | remote access is routed through... |
| 3.1.15[a] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Monthly | min | 4.00 | privileged commands authorized for remote... |
| 3.1.15[b] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | security-relevant information authorized to be... |
| 3.1.15[c] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Monthly | min | 4.00 | the execution of the identified... |
| 3.1.15[d] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Quarterly | min | 1.33 | access to the identified security-relevant... |
| 3.1.16[a] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | wireless access points are identified. |
| 3.1.16[b] | L2 | AC | Contractor | Supervisor | Config, Logs & Test | Quarterly | min | 1.33 | wireless access is authorized prior... |
| 3.1.17[a] | L2 | AC | Contractor | IT Admin | Document, Config, Logs & Test | Quarterly | min | 1.33 | wireless access to the system... |
| 3.1.17[b] | L2 | AC | Contractor | IT Admin | Document, Config, Logs & Test | Quarterly | min | 1.33 | wireless access to the system... |
| 3.1.18[a] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | mobile devices that process, store,... |
| 3.1.18[b] | L2 | AC | Contractor | IT Admin | Config, Logs & Test | Quarterly | min | 1.33 | mobile device connections are authorized. |
| 3.1.18[c] | L2 | AC | Contractor | IT Admin | Logs | Quarterly | min | 1.33 | mobile device connections are monitored... |
| 3.1.19[a] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | mobile devices and mobile computing... |
| 3.1.19[b] | L2 | AC | Contractor | IT Admin | Config & Logs | Quarterly | min | 1.33 | encryption is employed to protect... |
| 3.1.20[a] | L1 | AC | Contractor | IT Admin | Document Review/Approve | Bi-Annually | min | 0.67 | connections to external systems are... |
| 3.1.20[b] | L1 | AC | Contractor | IT Admin | Document Review/Approve | Bi-Annually | min | 0.67 | the use of external systems... |
| 3.1.20[c] | L1 | AC | Contractor | IT Admin | Config, Logs & Test | Bi-Annually | min | 0.67 | connections to external systems are... |
| 3.1.20[d] | L1 | AC | Contractor | IT Admin | Config, Records & Test | Annually | min | 0.33 | the use of external systems... |
| 3.1.20[e] | L1 | AC | Contractor | IT Admin | Config, Logs & Test | Quarterly | min | 1.33 | connections to external systems are... |
| 3.1.20[f] | L1 | AC | Contractor | IT Admin | Config & Logs | Quarterly | min | 1.33 | the use of external systems... |
| 3.1.21[a] | L2 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | the use of portable storage... |
| 3.1.21[b] | L2 | AC | Contractor | Supervisor | Document Review/Approve | Annually | min | 0.33 | limits on the use of... |
| 3.1.21[c] | L2 | AC | Contractor | Supervisor | Config & Logs | Quarterly | min | 1.33 | the use of portable storage... |
| 3.1.22[a] | L1 | AC | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | individuals authorized to post or... |
| 3.1.22[b] | L1 | AC | Contractor | Supervisor | Document Review/Approve | Annually | min | 0.33 | procedures to ensure CUI is... |
| 3.1.22[c] | L1 | AC | Contractor | Supervisor | Records | Quarterly | min | 1.33 | a review process is in... |
| 3.1.22[d] | L1 | AC | Contractor | Supervisor | Records | Quarterly | min | 1.33 | content on publicly accessible systems... |
| 3.1.22[e] | L1 | AC | Contractor | IT Admin | Records | Quarterly / Event-Driven | min | 1.33 | mechanisms are in place to... |
| 3.2.1[a] | L2 | AT | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | security risks associated with organizational... |
| 3.2.1[b] | L2 | AT | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | policies, standards, and procedures related... |
| 3.2.1[c] | L2 | AT | Contractor | IT Admin | Config, Records & Test | Quarterly | min | 1.33 | managers, systems administrators, and users... |
| 3.2.1[d] | L2 | AT | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | managers, systems administrators, and users... |
| 3.2.2[a] | L2 | AT | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | information security-related duties, roles, and... |
| 3.2.2[b] | L2 | AT | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | information security-related duties, roles, and... |
| 3.2.2[c] | L2 | AT | Contractor | IT Admin | Records & Test | Quarterly | min | 1.33 | personnel are adequately trained to... |
| 3.2.3[a] | L2 | AT | Contractor | IT Admin | Document Review/Approve | Annually | min | 0.33 | potential indicators associated with insider... |
| 3.2.3[b] | L2 | AT | Contractor | IT Admin | Config, Records & Test | Quarterly | min | 1.33 | security awareness training on recognizing... |
| 3.3.1[a] | L2 | AU | Contractor | HR | Document Review/Approve | Annually | min | 0.33 | audit logs needed (i.e., event... |
Per page:
Page 1 of 4
Frequently Asked Questions
Ready to Start Your CMMC Journey?
Schedule an executive briefing to discuss your compliance needs and receive a customized service recommendation.
Schedule Executive Briefing