CMMC Frequently Asked Questions
We have cybersecurity under control, why do I need this?
You can save valuable time and money so you are head of your competitors when CMMC certification is implemented.
CMMC and the DoD intend to have only audited, certified CMMC contractors. They want to make sure anyone working with the DoD is meeting cybersecurity levels. It is anticipated CMMC certification will be required to be submitted with any DoD proposals to qualify.
How do I activate my account? Do I have to download something?
Contact our partner, Third Rock
CyberCompass is cloud-based. You don’t have to download anything.
What is CyberCompass software and how does it work?
First of all you don’t need to be a Cyber Security Expert.
CyberCompass software translates government requirements into layman’s term, doing most of the heavy lifting for the analysis. You start with your security risk assessment that is an online survey that walks your broker or staff member through questions that are designed to determine your practice’s level of cyber security and compliance with CMMC. CyberCompass includes an online secure vault capability for you to upload all your supporting documentation or “body of evidence” required to maintain for 5 years as you complete the assessment.
Once you complete the survey, you will receive a report spelling out items that need to be addressed and how to correct them. It even prioritizes those items so you can focus on where you have critical vulnerabilities and non-compliance.
I am not a cybersecurity expert. Can I assign other employees to answer questions when I don’t know the answer?
You don’t have to be an expert to complete the assessment. The survey questions are written in layman terms and the answers are all in Yes/No/Not Available format. CyberCompass has built in library and references for each question so you can easily understand how it corresponds to the regulations. You can flag the question if you don’t know the answer. All the flagged questions are tracked. With CyberCompass you can assign a question or task to someone. They will receive an email with a deadline. All the responses are tracked in CyberCompass™.
I don’t have the internal resources to do this and I am not comfortable doing an assessment without a professional. Do you offer assistance?
Yes. Through our partners, we can provide you an expert assessor who can walk you through the assessment and remediation remotely. They also offer on-site assessments if you need in-depth assistance. We find that most clients feel so comfortable with CyberCompass after the first assessment, they do all the assessments without a professional saving you money.
I have multiple entities, can I use CyberCompass with different locations and/or different departments?
We recently launched CyberCompass Enterprise, our latest update, has a Task Management System (TMS) feature for consultants and client administrators to assign tasks to client users without having an account on CyberCompass to drive for faster response. Our TMS features allow a secure link assignment to be emailed, giving the assigned user access to the specific task. Now the consultant can assign a survey from an assessment to either an internal or external user, using the TMS. The recipient will be assigned a deadline to answer the survey questions before receiving auto-generated reminders
What does results of assessment show and what do I do with them?
Most clients of CyberCompass are surprised that the results of the assessment. The report, which can be kept confidential or shared with your managed service provider, often confirms the reality that 90% of breaches that happen every year come from very simple, easy to solve problems and not big-ticket items. Most clients discover they are not following the basics of securing client information and not have a plan if a breach happens to reduce business disruption costs. CyberCompass gives you the ability to gain visibility to your vulnerabilities, outline the actions you need to take to improve your cyber security, and monitor your progress to increase your cyber resilience and compliance.
How does CyberCompass automate compliance?
CyberCompass automates most of the compliance requirements with a complete set of policies and procedures and all the compliance plans documentation. With CyberCompass you learn the basics of cyber security hygiene and incorporate them into your culture for better protection across people, processes, technology and vendors.