Totem™ CMMC Compliance Management Software
Self-Managed
Customize your SSP and self-assess
$95
Per month
- Includes CMMC L1 controls
- SSP Template
- 1 User Account*
- Updates for Compliance Changes
- Access to Totem KnowledgeBase
- 10% Discount on Training Services
* Additional users may be added for $25 per month per user
Compliance+
Software + expert consultation
$455
Per month
- All Features of Self-Managed
- Unlimited Users
- Dedicated Cybersecurity Account Manager
- Monthly one-on-one consultation session*
* Receive ongoing guidance during implementation of SSP and POA&M
Enterprise
Perfect for organizations with multiple
divisions, cost centers, or CAGE codes
$500
Per month
- + $190 per division per month
- One-Hour Administrative Training*
- Custom URL
- Custom tenant entirely under your control
* Requires prior participation in our CMMC Level 1 Readiness Workshop to gain familiarity with tool workflow
Built for CMMC.
Designed for you.
Totem™ is the trusted CMMC and NIST 800-171 compliance documentation and planning solution for defense contractors and their external service providers.

CMMC compliance is challenging.
We get that.
Totem is purposefully designed to help you:
Assess your clients' CMMC implementation and track and report current scores
Quickly build an SSP, POA&M, SRM, and other required documentation
Prove your clients' CMMC compliance to a C3PAO or other external auditor
Continuously monitor your clients' CMMC compliance program long-term
Simple workflows and free templates. A beautiful combination.
System Security Plan (SSP)
The SSP is the blueprint of your clients’ CMMC compliance program. Totem contains a simple SSP workflow that follows the NIST SP 800-171A assessment objectives. Using this workflow, you can:
- Designate compliance status for each assessment objective
- Provide justification and evidence for compliance
- Describe shared responsibilities
- Generate an accurate SPRS score
- Add deficient assessment objectives to a POA&M
Plan of Action & Milestones (POA&M)
The POA&M is your clients’ “get well plan”, outlining deficient assessment objectives and your strategy for remediation. Totem contains a simple POA&M workflow that allows you to:
- Build corrective action plans (CAP) for remediation
- Utilize pre-populated CAP templates for common deficiencies
- Assign responsible entities to corrective actions
- Automatically update assessment objective compliance status via CAP completion
- Create a Gantt Chart to visualize POA&M completion timeline
Totem™ is ideal for:
Defense contractors and subcontractors facing CMMC compliance
External service providers assisting defense contractors with CMMC compliance
Government Industrial Base members assisting with CMMC (APEX, MEP, NCMA, SBDC)
Download our white paper!

Pricing that won't break the bank.
View pricing for both external service providers (ESP) and defense contractors.
Ideal for those helping manage their clients’ CMMC compliance. View Partner and Non-Partner pricing. Want to become a Totem Trusted Partner? Learn more here!
Non-Partner
Trusted Partner
Resell Only
Totem Tech manages Totem™ instance
$0
Per month
- + $206.50 per CMMC L2 org (30% discount)
- + $66.50 per CMMC L1 org (30% discount)
- Includes CMMC L2, NIST 800-171, ISO 27001:2022, HIPAA controls
- Unlimited users
- Free CMMC templates
- Updates for compliance changes
- One (1) free seat in our CMMC L2 workshop ($2,500 value)
ESP-Managed
ESP manages Totem™ instance
$250
Per month
- + $206.50 per CMMC L2 org (30% discount)
- + $66.50 per CMMC L1 org (30% discount)
- Includes CMMC L2, NIST 800-171, ISO 27001:2022, HIPAA controls
- Unlimited users
- Custom Totem™ instance
- Free CMMC templates
- Updates for compliance changes
- One (1) free seat in our CMMC L2 workshop ($2,500 value)
Totem-Managed
Totem Tech manages Totem™ instance
$400
Per month
- + $206.50 per CMMC L2 org (30% discount)
- + $66.50 per CMMC L1 org (30% discount)
- Includes CMMC L2, NIST 800-171, ISO 27001:2022, HIPAA controls
- Unlimited users
- Free CMMC templates
- Updates for compliance changes
- One (1) free seat in our CMMC L2 workshop ($2,500 value)
Resell Only
Totem Tech manages Totem™ instance
$0
Per month
- + $295.00 per CMMC L2 org
- + $95.00 per CMMC L1 org
- Includes CMMC L2, NIST 800-171, ISO 27001:2022, HIPAA controls
- Unlimited users
- Free CMMC templates
- Updates for compliance changes
ESP-Managed
ESP manages Totem™ instance
$250
Per month
- + $295.00 per CMMC L2 org
- + $95.00 per CMMC L1 org
- Includes CMMC L2, NIST 800-171, ISO 27001:2022, HIPAA controls
- Unlimited users
- Custom Totem™ instance
- Free CMMC templates
- Updates for compliance changes
Totem-Managed
Totem Tech manages Totem™ instance
$400
Per month
- + $295.00 per CMMC L2 org
- + $95.00 per CMMC L1 org
- Includes CMMC L2, NIST 800-171, ISO 27001:2022, HIPAA controls
- Unlimited users
- Free CMMC templates
- Updates for compliance changes
Ideal for those managing their own CMMC compliance. View CMMC Level 1 and Level 2 pricing.
CMMC Level 1
CMMC Level 2
Self-Managed
Customize your SSP and self-assess
$295
Per month
- Includes CMMC L2, NIST 800-171, ISO 27001:2022, HIPAA controls
- Unlimited Users
- Free CMMC Templates
- Updates for Compliance Changes
- Access to Totem KnowledgeBase
- 10% Discount on Training Services
Compliance+
Software + expert consultation
$685
Per month
- All Features of Self-Managed
- Dedicated Cybersecurity Account Manager
- Monthly one-on-one consultation session*
* Receive ongoing guidance during implementation of SSP and POA&M
Enterprise
Perfect for organizations with multiple
divisions, cost centers, or CAGE codes
$500
Per month
- + $190 per division per month
- One-Hour Administrative Training*
- Custom URL
- Custom tenant entirely under your control
* Requires prior participation in our CMMC Level 1 Readiness Workshop to gain familiarity with tool workflow
Self-Managed
Customize your SSP and self-assess
$95
Per month
- Includes CMMC L1 controls
- Unlimited Users
- Free CMMC Templates
- Updates for Compliance Changes
- Access to Totem KnowledgeBase
- 10% Discount on Training Services
Compliance+
Software + expert consultation
$455
Per month
- All Features of Self-Managed
- Dedicated Cybersecurity Account Manager
- Monthly one-on-one consultation session*
* Receive ongoing guidance during implementation of SSP and POA&M
Enterprise
Perfect for organizations with multiple
divisions, cost centers, or CAGE codes
$500
Per month
- + $190 per division per month
- One-Hour Administrative Training*
- Custom URL
- Custom tenant entirely under your control
* Requires prior participation in our CMMC Level 1 Readiness Workshop to gain familiarity with tool workflow
Frequently Asked Questions
Yes. MSPs can procure their own “instance” of Totem, where they can manage all their clients in one place entirely under their control. Additionally, Trusted Partners receive a significant discount on Totem.
No. You may choose to purchase an annual subscription and save 10%, but we do not require any long-term contracts or commitments.
Yes. Totem supports the following:
- CMMC L1 (FAR 52.204-21)
- CMMC L2 (NIST SP 800-171 rev. 2)
- CMMC L3 (NIST SP 800-171 + NIST SP 800-172)
- NIST SP 800-171 rev. 3
- ISO/IEC 27001:2022
- HIPAA 405d
Yes! Check out our next CMMC workshop: https://www.totem.tech/workshop
Yes! This is the basis of our SSP and POA&M generation workflows within Totem. Contact us if you need help.
Yes, Totem Technologies staff are available to answer any questions about use of the tool at no extra charge. In addition to a live support feature, our Support Center contains answers to many frequently asked questions: https://support.totem.tech/
Please see our Security Features page for a description on how Totem protects your sensitive data.
CMMC compliance starts with a plan.
See why Totem™ is the trusted CMMC planning solution.