CMMC Frequently Asked Questions
We have cybersecurity under control, why do I need this?
CMMC must be performed by a certified auditor in order to gain the certification at your required level. If your cybersecurity level already matches the requirements of CMMC, you will still have to undergo the audit to obtain the certificate. You can read more on their website.
How do I activate my account? Do I have to download something?
CyberCompass is cloud-based. You don’t have to download anything and it can be accessed anywhere you have an internet connection.
What is CyberCompass software and how does it work?
First of all you don’t need to be a Cyber Security Expert.
CyberCompass software translates government requirements into layman’s term, doing most of the heavy lifting for the analysis. You start with your security risk assessment, an online survey, that walks your broker or staff member through questions that are designed to determine your practice’s level of cyber security and compliance with CMMC. CyberCompass includes an online secure vault capability for you to upload all your supporting documentation or “body of evidence” required to maintain for 5 years as you complete the assessment.
Once you complete the survey, you will receive a report spelling out items that need to be addressed and how to correct them. It even prioritizes those items so you can focus on where you have critical vulnerabilities and non-compliance.
I am not a cybersecurity expert. Can I assign other employees to answer questions when I don’t know the answer?
You don’t have to be an expert to complete the assessment. The survey questions are written in layman terms and the answers are all in Yes/No/Not Available format. CyberCompass has a built in library and references for each question so you can easily understand how it corresponds to the regulations. You can flag the question if you don’t know the answer. All the flagged questions are tracked. With CyberCompass you can assign a question or task to someone. They will receive an email with a deadline. All the responses are tracked in CyberCompass.
I don’t have the internal resources to do this and I am not comfortable doing an assessment without a professional. Do you offer assistance?
Yes. We can provide you an expert assessor who can walk you through the assessment and remediation remotely. They also offer on-site assessments if you need in-depth assistance. We find that most clients feel so comfortable with CyberCompass after the first assessment, they do all the assessments without a professional, saving them time and money.
I have multiple entities, can I use CyberCompass with different locations and/or different departments?
CyberCompass Enterprise has a Task Management System (TMS) feature for consultants and client administrators to assign tasks to client users without having an account on CyberCompass to drive for faster response. Our TMS features allow a secure link assignment to be emailed, giving the assigned user access to the specific task. Now the consultant can assign a survey from an assessment to either an internal or external user, using the TMS. The recipient will be assigned a deadline to answer the survey questions before receiving auto-generated reminders.
What do the results of the assessment show and what do I do with them?
The report, which can be kept confidential or shared with your managed service provider and often confirms the reality that 90% of breaches that happen every year come from very simple, easy to solve problems and not big-ticket items. Most clients discover they are not following the basics of securing client information and do not have a plan if a breach happens to reduce business disruption costs. CyberCompass gives you the ability to gain visibility to your vulnerabilities, outline the actions you need to take to improve your cyber security, and monitor your progress to increase your cyber resilience and compliance.
How does CyberCompass automate compliance?
CyberCompass automates most of the compliance requirements with a complete set of policies and procedures and all the compliance plans documentation. With CyberCompass you learn the basics of cyber security hygiene and incorporate them into your culture for better protection across people, processes, technology and vendors.