Please note, when you first access the system after login, a page displays requesting you select the desired platform: CMMC or NIST 800-171. Select the desired platform and click Next.
There is now an option in the left-hand navigation which allows users to navigate between the CMMC and NIST platforms.
Change Standard
After logging in for the first time, you are prompted to choose the desired standard. The Cybersecurity Maturity Model Certification (CMMC) combines several cybersecurity standards, frameworks and best practices and primarily builds upon existing regulations in DFARS (NIST 800-181). There are two options available, NIST 800-171/CMMC 2.0 Level 2 or CMMC 2.0 Level 1. After logging in to either NIST 800-171/CMMC 2.0 Level 2 or CMMC 2.0 Level 1, you can select the other standard in the left-hand side of the screen.
Upload a Policy
While completing the policy upload function, the following file types are acceptable: .docx, .doc, .pdf. If you do not currently have any policies, select the Policy Builder icon from the left-hand menu.
NOTE: You will see a list of Policy Families on the left-hand side, listed from 3.1 (Access Control) down to 3.14 (System and Information Integrity).
2. Select the Policy Family you wish to upload your policy. Click the Upload Documents button located in the middle of the screen.
3. Click on Attach Document. Select the document you wish to attach.
4. Click the Open button. Click the Submit button.
NOTE: You will see a notification and pop-up once you have successfully uploaded your document.
Attach Multiple Documents
2. Click the Attach Document button. Select each document using the <Ctrl> key until all the applicable documents needed are highlighted.
3. Click the Open button. Click the Submit button.
NOTE: This will reassess your document set and provide you with a new score, KENI and overall assessment.
Issue Attaching Documents
NOTE: Acceptable file types are limited to: .docx, .doc, .pdf.
2. Check to see if you are over the size limit: 20 MB.
3. If it is a .PDF file, make sure it is not password protected.
NOTE: You can disable the password and upload the document. Once uploaded, you can re-enable the password. If you’re still having issues contact customer support at 1(443) 445-0560.
Remove Password from PDF Files
NOTE: You must enter the appropriate password at this time.
2. Click the lock icon located in the upper left side of the window.
3. Click Permission Details. You can also click File > Properties and click the Security tab.
4. Click the Security Method box.
5. Click No Security. Click OK to remove the password.
6. Click File > Save to save your changes.
NOTE: You can also just close the Adobe Acrobat window and you are prompted to save your changes.
Delete Document
NOTE: You receive a pop-up notification asking if you are sure you wish to delete.
2. Click the Delete button to completely remove from the platform.
NOTE: You are not able to recover this document from the platform after deleting.
Policy Builder
There are several ways to get to policy builder:
- From the Dashboard, click the link Don’t have policies and need assistance in creating them? Click here to use Policy Builder!
- Click the Policy Builder icon located on the static menu located on the left of the screen.
- Under the policy assessment area, each policy family has a link to the specific template in policy builder. There you will find please click here to go to Policy Builder.
NOTE: This will take you directly to the Policy Planning Information for that applicable policy.
Create Policy
NOTE: If you already closed your welcome pop-up, re-open by clicking Policy Planning Information, located on the top right corner of the site.
2. Read through the NIST instructions on how to do a GAP Assessment and Risk Register.
NOTE: This will help show you where you are missing controls and is a crucial step to building an effective policy.
3. Follow our guide to prepare, gather and consult the appropriate materials and people.
NOTES:
– Prepare: Lists recommended steps that should be taken before starting the Policy Builder process.
– Gather: Provides insight into documents and records that will be helpful in writing new policy documents.
– Consult: Suggests individuals within your company that will likely be able to answer questions that come up during the Policy Builder process.
4. Click the link If you are ready, get started.
Edit Policy Document
2. Make any edits as needed. Click Save.
3. If you select to Cancel or Exit, A prompt asks if you really want to close. Click Yes or No to cancel or go back to the previous screen.
4. If Yes is selected, all changes for that session will be reverted.
5. If No is selected, it will bring you back so you can save any changes made.
NOTE: If you accidentally saved some changes but want the original template back, you can click the Reset icon next to the section to revert back to the default information with all changes and additions removed.
Save Policy to Computer
NOTE: If you have not made sufficient changes to the policy document, a pop-up window will displays and state The items referenced below have not been customized. Do you still want to aggregate the controls and export?
2. Click Yes if you are ready to save to your computer OR click No if you want to make changes.
Reset Template
PolicyPro provides the Reset function, which allows you to reset the template back to its original state.
These templates are generic for all industries, company sizes, and locations. They are lacking the specific policies and content in which your company has in place. If the templates are not properly edited you will not have effective cybersecurity policy documents.
Some sections may or may not be applicable to your particular company. Read the instructions, guidelines and other information (from our resource tab) to make a judgment on whether or not a particular control applies to your company.
NOTE: A pop-up warning, Clicking on the reset button will reset the controls below to the original setting. Are you sure you want to reset? displays.
2. Click Yes to reset.
NOTE: You will need to do this for each control section you wish to bring back to the original state. Any resets cannot be undone, please be sure that you want to remove any changes made to that section prior to resetting.
Reference Library
The Reference Library can be accessed via the left menu using the icon. It contains helpful links to various content curated to assist you in drafting or redrafting your policy documents. They are divided into topics by policy family.
New Dashboard
Now that the CMMC and NIST 800-171 Domains/Policy Families are now the same, they have been integrated. Any prior uploaded policy assessments are identified by date and type (CMMC 1.0 or NIST 800-171). New policies uploaded will show the type as CMMC 2.0 (Level 1 or Level 2).