.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Reporting Your DoD Self Assessment (SPRS) Score: What to Know
by Kelly O’Brien on June 10, 2025 at 2:59 PM
If you contract with the Department of Defense (DoD)—directly or indirectly—you’re likely required to report a cybersecurity self-assessment score to the Supplier Performance Risk System (SPRS). SPRS is a web-based system used by the DoD to track and assess contractor performance and …
Replacing the FFIEC CAT with NIST CSF 2.0
by Jerry Hughes on April 18, 2025 at 11:26 AM
After nearly a decade of use, the Federal Financial Institutions Examination Council (FFIEC) is officially retiring its Cybersecurity Assessment Tool (CAT) on August 31, 2025. Originally released in 2015, the CAT served as a foundational tool for financial institutions—especially bank …
NIST AI Risk Management Framework Explained
by Jerry Hughes on December 20, 2024 at 11:00 AM
Artificial intelligence (AI) is transforming industries, but with its rapid adoption come risks that organizations must address to ensure safe and ethical use. The NIST Artificial Intelligence Risk Management Framework (AI RMF), developed by the National Institute of Standards and Tec …
What Is a C3PAO in CMMC?
by Kyle Daun on December 2, 2024 at 1:45 PM
In today’s cybersecurity landscape, organizations that work with the U.S. Department of Defense (DoD) must adhere to stringent security standards to protect sensitive information. A critical component of achieving compliance with the Cybersecurity Maturity Model Certification (CMMC) i …
SOC 2 vs. NIST: A Comprehensive Comparison
by Jerry Hughes on October 2, 2024 at 1:00 PM
When comparing SOC 2 and NIST frameworks, it is essential to understand their respective roles in cybersecurity, compliance, and risk management. Both frameworks provide guidance for organizations seeking to protect sensitive data and ensure security, but they are designed with differ …
Which NIST Standard Is Most Important for Small Businesses?
by Andrew Paull on July 19, 2024 at 2:53 PM
Navigating the complexities of cybersecurity can be challenging for small businesses, but the National Institute of Standards and Technology (NIST) offers robust frameworks to help. This blog analyzes the various NIST initiatives and guidelines designed to enhance cybersecurity for sm …