.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
CMMC Scoping Guide: How to Define Your Level 2 Assessment Boundary
by Derek Boczenowski on June 5, 2026 at 11:30 AM
One of the most consequential (and most misunderstood) steps in preparing for CMMC compliance is defining the scope of your assessment boundary. Scope too broadly and you’re burdening your organization with unnecessary controls and cost. Scope too narrowly and you risk leaving Control …
How to Reduce CMMC Scope: A Practical Guide for Defense Contractors
by Jake Dwares on May 15, 2026 at 4:37 PM
For defense contractors preparing for Cybersecurity Maturity Model Certification (CMMC), scope is the single biggest lever you have over cost, timeline, and audit complexity. The smaller and more clearly defined your scope, the fewer systems your assessor has to evaluate, the fewer co …
CMMC Assessments in Higher Education: What Campus Leaders Are Saying
by Alexander Magid on May 5, 2026 at 3:33 PM
I just got back from the EDUCAUSE Cybersecurity and Privacy Professionals Conference in Anaheim last week, and I came home with a notebook full of conversations that I think a lot of provosts, CIOs, and CISOs need to hear. The hallway talk between sessions, the candid moments over cof …
CMMC & the False Claims Act: High Stakes for DoD Contractors
by Derek Boczenowski on November 17, 2025 at 1:14 PM
Cybersecurity compliance for Defense Industrial Base (DIB) organizations has never been purely technical, but the stakes have now escalated into a very real legal and financial risk. With the Department of Defense’s final CMMC rule taking effect on November 10, 2025, and the Departmen …
CMMC Final Rule Compliance: A Guide for Defense Contractors
by Justin Leach on November 12, 2025 at 3:17 PM
Since its publication nearly two months ago, the Cybersecurity Maturity Model Certification (CMMC) Final Rule has moved from anticipation to implementation. For defense contractors, compliance is no longer theoretical. The rule is now shaping how the Department of Defense (DoD) manage …
How to Report Your SPRS Score for DoD CMMC Self-Assessment
by Kelly O’Brien on June 10, 2025 at 2:59 PM
%20Score.jpg)
If you contract with the Department of Defense (DoD)—directly or indirectly—you’re likely required to report a cybersecurity self-assessment score to the Supplier Performance Risk System (SPRS). SPRS is a web-based system used by the DoD to track and assess contractor performance and …