Leveraging SOC 2 and CMMC reporting to assess compliance of your security environment