overview/ defense (cmmc contractor)/ defense-cmmc__hybrid-saas-and-vpc__m2m-api

Defense (CMMC contractor) Hybrid SaaS + VPC Machine-to-machine API call between services

Single ResolvedScenario, seven views, every honesty marker the resolver emits. Vendor overlay and reader-tier toggles live in the toolbar. 1635 in-scope provisions across 6 frameworks.

Trust Flow rail

Topology map

Stack diagram

Coverage heatmap

Maturity overlay (current → Advanced)

Threat overlay (m2m-token-replay)

Vendor substitution: Cloudflare One vs. Zscaler ZTE

Trust Flow rail

Satisfaction distribution

satisfied123 · 7.5%

partial1118 · 68.4%

gap394 · 24.1%

pendingEvidence (discretion-capped)954

total in scope1635

Frameworks in scope (6)

nist-sp-800-53-r593776327707

cisa-ztmm-v2014812100

nist-sp-800-171-r320882271

nist-csf-2-00753157

nist-sp-800-2071022013

dod-zt0926

Diagnostics (23)

gap (16)warn (7)info (0)

missing-component

Stage 2 requires Component PE, but no topology zone hosts one and no Equipment in scope fills it.

missing-component

Stage 3 requires Component PE, but no topology zone hosts one and no Equipment in scope fills it.

missing-component

Stage 4 requires Component PE, but no topology zone hosts one and no Equipment in scope fills it.

missing-component

Stage 5 requires Component PE, but no topology zone hosts one and no Equipment in scope fills it.

missing-component

Stage 5 requires Component PAP, but no topology zone hosts one and no Equipment in scope fills it.

missing-component

Stage 7 requires Component PE, but no topology zone hosts one and no Equipment in scope fills it.

missing-component

Stage 8 requires Component PAP, but no topology zone hosts one and no Equipment in scope fills it.

maturity-shortfall

Equipment service-mesh-sidecar expects ApplicationsAndWorkloads maturity ≥ Advanced, resolved profile is Initial.

discretion-cap · cisa-ztmm-v2

Framework cisa-ztmm-v2: 100 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · dod-zt

Framework dod-zt: 6 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · nist-csf-2-0

Framework nist-csf-2-0: 57 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · nist-sp-800-171-r3

Framework nist-sp-800-171-r3: 71 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · nist-sp-800-207

Framework nist-sp-800-207: 13 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

discretion-cap · nist-sp-800-53-r5

Framework nist-sp-800-53-r5: 707 provision(s) with medium/high discretion had full structural coverage but were capped at "partial" pending auditor judgment / explicit evidence.

stage-uncovered · cisa-ztmm-v2

Framework cisa-ztmm-v2: 8 provision(s) cite Trust Flow stages that no in-scope Equipment exercises.

stage-uncovered · nist-csf-2-0

Framework nist-csf-2-0: 10 provision(s) cite Trust Flow stages that no in-scope Equipment exercises.

stage-uncovered · nist-sp-800-171-r3

Framework nist-sp-800-171-r3: 16 provision(s) cite Trust Flow stages that no in-scope Equipment exercises.

stage-uncovered · nist-sp-800-53-r5

Framework nist-sp-800-53-r5: 105 provision(s) cite Trust Flow stages that no in-scope Equipment exercises.

control-uncovered · cisa-ztmm-v2

Framework cisa-ztmm-v2: 4 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

control-uncovered · dod-zt

Framework dod-zt: 2 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

control-uncovered · nist-csf-2-0

Framework nist-csf-2-0: 21 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

control-uncovered · nist-sp-800-171-r3

Framework nist-sp-800-171-r3: 6 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

control-uncovered · nist-sp-800-53-r5

Framework nist-sp-800-53-r5: 222 provision(s) cite fillable Components with no in-scope Equipment filling them — the control class is unrepresented in the scenario stack.

Resolved MaturityProfile

IdentityAdvanced

DevicesAdvanced

NetworksAdvanced

ApplicationsAndWorkloadsInitial

DataAdvanced

VisibilityAndAnalyticsAdvanced

AutomationAndOrchestrationInitial

GovernanceAdvanced

Static fallback (JavaScript disabled)

All seven views render as static SVGs below. The interactive toolbar (vendor overlay, reader tier) and the right-side honesty panels require JavaScript.