Please note, when you first access the system after login, a page displays asking you to select the desired platform: CMMC or NIST 800-171.
Uploading Your Policy/Policies
How do I upload a policy?
Step 1. Click on the Policy Assessment icon.
NOTE: You will see a list of policy families on the left-hand side, listed from 3.1 (Access Control) down to 3.14 (System and Information Integrity).
Step 2. Click on the policy family to which you wish to upload your policy.
Step 3. Click on the Upload Documents button located in the middle of the screen. A pop-up displays.
Step 4. Click on Attach Document.
Step 5. Select the document you wish to attach. See How do I attach multiple documents? for more information.
Step 6. Click the Open button.
Step 7. Click the Submit button.
NOTE: You will see a notification and pop-up once you have successfully uploaded your document.
Why can’t I attach my document?
Step 1. Check to see if you are uploading an accepted file type.
NOTE: Acceptable file types are limited to: .docx, .doc, .pdf. See What file types can be uploaded? for more information.
Step 2. Check to see if you are over the size limit: 20 MB.
Step 3. If it is a .PDF file, make sure it is not password protected.
NOTE: You can disable the password and upload the document. Once uploaded, you can re-enable the password. See How do I remove a password from PDF files?
Step 4. If you’re still having issues, contact customer support at 1(443) 445-0560.
What file types can be uploaded?
Acceptable file types are limited to: .docx, .doc, .pdf.
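A pre-upload check for the conditions listed under Why can’t I attach my document? (file type, 20 MB size limit, PDF password protection). This is an added example, not part of the platform or its documentation. The function names, the reading of 20 MB as 20 x 1024 x 1024 bytes and the /Encrypt heuristic are assumptions, and the sample files are constructed.

```python
import os
import tempfile

ALLOWED_EXTENSIONS = {".docx", ".doc", ".pdf"}  # accepted types stated on this page
MAX_BYTES = 20 * 1024 * 1024  # 20 MB limit; treating MB as 2**20 bytes is an assumption

def preflight(path):
    """Return the reasons an upload would likely be refused (empty list = OK)."""
    problems = []
    ext = os.path.splitext(path)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        problems.append("type")
    if os.path.getsize(path) > MAX_BYTES:
        problems.append("size")
    elif ext == ".pdf":
        with open(path, "rb") as fh:
            data = fh.read()
        # Heuristic (assumption): a protected PDF has an /Encrypt entry in its
        # trailer. Permission-only PDFs have it too, so a hit means
        # "remove security before uploading", not proof of an open password.
        if not data.startswith(b"%PDF-"):
            problems.append("not-a-pdf")
        elif b"/Encrypt" in data:
            problems.append("pdf-security")
    return problems

def demo():
    """Run preflight over constructed sample files and return the findings."""
    samples = {
        "policy.pdf": b"%PDF-1.7\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n",
        "locked.pdf": b"%PDF-1.7\ntrailer\n<< /Root 1 0 R /Encrypt 9 0 R >>\n%%EOF\n",
        "notes.txt": b"access control notes\n",
        "big.docx": None,  # created as an empty file one byte over the limit
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                if body is None:
                    fh.truncate(MAX_BYTES + 1)
                else:
                    fh.write(body)
            results[name] = preflight(path)
    return results

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "ok")
```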
How do I delete a document?
Step 1. Locate the Delete link next to the date/time stamp and person who uploaded the applicable document.
NOTE: You receive a pop-up notification asking if you are sure you wish to delete.
Step 2. Click the Delete button to completely remove from the platform.
NOTE: You are not able to recover this document from the platform after deleting.
How do I attach multiple documents?
Step 1. Click the Upload Documents button.
Step 2. Click the Attach Document button.
Step 3. Select each document using the <Ctrl> key until all the applicable documents needed are highlighted.
Step 4. Click the Open button.
Step 5. Click the Submit button.
NOTE: This will reassess your document set and provide you with a new score, KENI and overall assessment.
How do I remove a password from PDF files?
Step 1. Open the password protected PDF file.
NOTE: You must enter the appropriate password at this time.
Step 2. Click the lock icon located in the upper left side of the window.
Step 3. Click Permission Details. You can also click File > Properties and click the Security tab.
Step 4. Click the Security Method box.
Step 5. Click No Security.
Step 6. Click OK to remove the password.
Step 7. Click File > Save to save your changes.
NOTE: You can also just close the Adobe Acrobat window and you are prompted to save your changes.
Don’t have any policies?
Click on the Policy Builder icon in the left menu and follow the instructions to create your policies.
How do I change to CMMC or to NIST 800-171?
Step 1. After logging in for the first time, you are prompted to choose the desired standard. The Cybersecurity Maturity Model Certification (CMMC) combines several cybersecurity standards, frameworks and best practices and primarily builds upon existing regulations in DFARS (NIST 800-181). There are two options available, CMMC and NIST 800-171.
Step 2. After logging in to either CMMC or NIST 800-171, you can select the other standard on the left-hand side of the screen.
Building NIST 800-171 Policy Documents Using Policy Builder
How do I get to Policy Builder?
There are several ways to get to policy builder:
- From the Dashboard, click the link Don't have policies and need assistance in creating them? Click here to use Policy Builder!
- Click the Policy Builder icon located on the static menu located on the left of the screen.
- Under the policy assessment area, each policy family has a link to the specific template in policy builder. There you will find the link please click here to go to Policy Builder.
NOTE: This will take you directly to the Policy Planning Information for that applicable policy.
How do I create a policy?
Step 1. Download the GAP Assessment and Risk Register spreadsheet by clicking on the blue hyperlinked text from the welcome pop-up.
NOTE: If you already closed your welcome pop-up, re-open by clicking Policy Planning Information, located on the top right corner of the site.
Step 2. Read through the NIST provided instructions on how to do a GAP Assessment and Risk Register. This will help show you where you are missing controls and is a crucial step to building an effective policy.
Step 3. Next, follow our guide to prepare, gather and consult the appropriate materials and people.
Step 4. Click the link If you are ready, get started ->.
What does prepare, gather and consult mean?
- Prepare: Lists recommended steps that should be taken before starting the Policy Builder process
- Gather: Provides insight into documents and records that will be helpful in writing new policy documents
- Consult: Suggests individuals within your company that will likely be able to answer questions that come up during the Policy Builder process.
How do I edit a policy document?
Step 1. Click on the pencil icon next to the area you wish to edit. It will bring up the content in a new pop-up on the lower left-hand side.
Step 2. Make any edits as needed.
Step 3. Click Save once finished OR if you don’t want to save your work, click the Cancel or Exit button.
Step 4. If you selected Cancel or Exit, a prompt asks if you really want to close. Click Yes or No to cancel or go back to the previous screen.
Step 5. If Yes is selected, all changes for that session will be reverted.
Step 6. If No is selected, it will bring you back so you can save any changes made.
NOTE: If you accidentally saved some changes but want the original template back, you can click the Reset icon next to the section to revert to the default information with all changes and additions removed. See the section I’ve messed up, how do I get the original templates back? for more information.
How do I save my policy to my computer?
Step 1. Once you are satisfied with your edits, click the up arrow located on the bottom right-hand corner.
NOTE: If you have not made sufficient changes to the policy document, a pop-up window displays and states The items referenced below have not been customized. Do you still want to aggregate the controls and export?
Step 2. Click Yes if you are ready to save to your computer, OR click No if you want to make changes.
I’ve messed up, how do I get the original templates back?
The Reset icon is visible for each section.
Step 1. Click the Reset icon to revert your changes.
NOTE: A pop-up warning, Clicking on the reset button will reset the controls below to the original setting. Are you sure you want to reset? displays.
Step 2. Click Yes to reset.
Step 3. You will need to do this for each control section you wish to bring back to the original state.
NOTE: Resets cannot be undone. Please be sure that you want to remove any changes made to that section prior to resetting.
Do I have to edit these templates?
Yes. These templates are generic for all industries, company sizes, and locations. They lack the specific policies and content that your company has in place. If the templates are not properly edited, you will not have effective cybersecurity policy documents.
Do I have to edit each section?
Some sections may or may not be applicable to your particular company. Read the instructions, guidelines and other information (from our resource tab) to make a judgment on whether or not a particular control applies to your company.
If you decide it is not relevant, uncheck the Guidelines control checkbox and it will be excluded from the exported policy document when you complete the process. For more information, see What does the checkmark/checkbox mean?
What does the checkmark/checkbox mean?
The Guidelines checkbox is checked by default. That means that the section/control will be included when you export the document. If you feel that you’ve covered that control in another policy area or that it is not in the scope of your company, uncheck the box and it will be removed from the aggregated policy document.
What is the tracking number?
The tracking number is for your own internal use; you can use it to keep track of version numbers. It is not a mandatory field, and you can freely add any other information or exclude that field from your policy document.
I only see 3.1, where are the other policy family template documents?
On the left-hand side, click the hamburger icon. This will bring up the list of all of the policy families (14 in total).
How do I score my Policy Builder documents after I have completed customizing them?
Click on the checkmark icon on the top left-hand corner of the website. This will take you back to the main platform, or simply go to the https://www.platform.ismsapplications.com link.