.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
CMMC Scoping Guide: How to Define Your Level 2 Assessment Boundary
by Derek Boczenowski on June 5, 2026 at 11:30 AM
One of the most consequential (and most misunderstood) steps in preparing for CMMC compliance is defining the scope of your assessment boundary. Scope too broadly and you’re burdening your organization with unnecessary controls and cost. Scope too narrowly and you risk leaving Control …
CIS or NIST CSF? Choosing the Right Cybersecurity Framework (Or Both)
by Kelly O’Brien on July 24, 2025 at 1:00 PM
The Center for Internet Security (CIS) Critical Security Controls are a prioritized set of best practices designed to help organizations defend against common cyber threats. Version 8.0, released in 2021, introduced major changes to better reflect modern IT environments, including sup …
How to Report Your SPRS Score for DoD CMMC Self-Assessment
by Kelly O’Brien on June 10, 2025 at 2:59 PM
%20Score.jpg)
If you contract with the Department of Defense (DoD)—directly or indirectly—you’re likely required to report a cybersecurity self-assessment score to the Supplier Performance Risk System (SPRS). SPRS is a web-based system used by the DoD to track and assess contractor performance and …
FFIEC CAT Replaced by NIST CSF 2.0: What Banks Need to Know
by Jerry Hughes on April 18, 2025 at 11:26 AM
After nearly a decade of use, the Federal Financial Institutions Examination Council (FFIEC) is officially retiring its Cybersecurity Assessment Tool (CAT) on August 31, 2025. Originally released in 2015, the CAT served as a foundational tool for financial institutions—especially bank …
NIST AI Risk Management Framework Explained
by Jerry Hughes on December 20, 2024 at 11:00 AM
Artificial intelligence (AI) is transforming industries, but with its rapid adoption come risks that organizations must address to ensure safe and ethical use. The NIST Artificial Intelligence Risk Management Framework (AI RMF), developed by the National Institute of Standards and Tec …
What Is a C3PAO in CMMC?
by Kyle Daun on December 2, 2024 at 1:45 PM
In today’s cybersecurity landscape, organizations that work with the U.S. Department of Defense (DoD) must adhere to stringent security standards to protect sensitive information. A critical component of achieving compliance with the Cybersecurity Maturity Model Certification (CMMC) i …