Free download · One-page PDF · Print-ready
The CMMC ITAD Control Checklist
The working tool from our CMMC & ITAD Compliance Guide, condensed to a single page you can pin next to your SSP — and hand to whoever owns asset disposition.
- The nine controls that govern IT asset disposition, with official SPRS point weights — verified against the DoD Assessment Methodology, Annex A.
- The six evidence artifacts a C3PAO will sample, from serialized certificates of destruction to the vendor due-diligence file.
- A five-minute self-audit — including the 10-serial reconciliation test assessors actually run.
- The SSD trap, called out so nobody on your team degausses flash media again.
Why it matters: Media Protection holds two of the program's five-point controls (3.8.3 and 3.8.7) — and five-point requirements cannot go on a POA&M. Phase 2 C3PAO certification hits new CUI contracts November 10, 2026.
Prefer the deep dive first? Read the full 14-section guide — no email required: CMMC & ITAD Compliance Guide
Get the checklist
Sent to your screen instantly — the download starts on the next page.
NAID AAAR2v3RIOSPA DEPALL 50 STATES