https://signalplane.co/posts/ Engineering notes on CMMC, OSCAL, and compliance-as-code for the defense industrial base. en-us https://signalplane.co/posts/ssp-as-code.html Why grc.engineering delivers CMMC L2 System Security Plans as Goal Structuring Notation assurance cases, assembled from a signed pipeline. Sat, 12 Apr 2026 00:00:00 +0000 https://signalplane.co/posts/ssp-as-code.html https://signalplane.co/posts/why-not-vanta-for-cmmc.html Vanta, Drata, Hyperproof are built for SOC 2 and ISO 27001. CMMC L2 is a different problem — not because the controls differ but because of where the controls run. Sat, 12 Apr 2026 00:00:00 +0000 https://signalplane.co/posts/why-not-vanta-for-cmmc.html