CMMC Cybersecurity Quiz
"*" indicates required fields
Do you have a repeatable and auditable process to provision new employee user accounts?
*
Yes
No
Do you have a repeatable and auditable process to provision new machine accounts on your network?
*
Yes
No
Do you have a repeatable and auditable process to de-provision employee user accounts?
*
Yes
No
Do you have a repeatable and auditable process to de-provision machine accounts on your network?
*
Yes
No
Do you have a standard naming convention for new user accounts and machine accounts?
*
Yes
No
Do you understand the specific access requirements for each job role?
*
Yes
No
Are you using an Identity and Access Management (IAM) system, like Active Directory, to manage user and system accounts?
*
Yes
No
Do you limit user access to only the systems and information they need to complete their assigned work in each line of business application?
*
Yes
No
Are you reviewing user access on a regular basis?
*
Yes
No
Do you have an inventory of all the external systems that your company accesses?
*
Yes
No
Have you documented the nature of the external connections (inbound, outbound, protocol, etc.)?
*
Yes
No
Do you restrict access to your corporate network to only corporate owned devices?
*
Yes
No
Do you have a list of users that have access to publish information publicly on your company website, blog, or social media?
*
Yes
No
Do you have a role in your company to review content for any Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) before it is published publicly?
*
Yes
No
Do you have a process to review published content to determine if any FCI or CUI information was inadvertently published and remove the content?
*
Yes
No
Do any of your users share a user ID and password?
*
Yes
No
Are you able to track and log the user ID for all users and systems that access the company network and applications?
*
Yes
No
Do you require strong and complex passwords for all your systems and applications?
*
Yes
No
Does your company destroy or sanitize all “media” so that it cannot be recovered? This includes a wide array of items that can store information, like hard drives, thumb drives, CDs, DVDs, tape backups, etc.
*
Yes
No
Can you prove that you have destroyed or sanitized all “media,” including printed documents that contain FCI/CUI?
*
Yes
No
Do you maintain a list of personnel with authorized access, and do you issue authorization credentials?
*
Yes
No
Do you designate areas in your building as “sensitive” and have you put physical security protections in place to limit physical access to the area to only authorized employees?
*
Yes
No
Are output devices, like printers, placed in areas where their use does not expose data to unauthorized individuals?
*
Yes
No
Are personnel required to accompany visitors to areas in a facility with physical access to organization systems?
*
Yes
No
Do you require all visitors to sign in, either electronically or on paper, and maintain these records for as long as required?
*
Yes
No
Do you maintain an inventory of all physical access devices, like keys, badges, and key cards?
*
Yes
No
Is access to your physical access devices limited to only authorized individuals?
*
Yes
No
Do you manage your physical access devices? For example, revoking key card access or changing locks as needed.
*
Yes
No
Does your company use firewalls at the external system boundaries to protect systems that handle regulated data?
*
Yes
No
Does your company use internal firewalls, routers, or switches to segment your internal network?
*
Yes
No
Do you monitor data flowing in and out of external and internal system boundaries?
*
Yes
No
Does your company protect data flowing in and out of your external and internal systems by using encryption or tunneling traffic?
*
Yes
No
Does your company have any publicly accessible systems (e.g., internet-facing web servers, VPN gateways, publicly accessible cloud services)?
*
Yes
No
If so, are these publicly accessible systems on physically or logically separated subnetworks (e.g., isolated subnetworks or demilitarized zones (DMZs))?
*
Yes
No
Does your company have a defined and documented timeframe within which system flaws must be identified from vulnerability scans, configuration scans, or manual reviews?
*
Yes
No
Can you prove that system flaws are identified in accordance with the specified timeframe?
*
Yes
No
Does your company have a defined and documented timeframe within which system flaws must be corrected?
*
Yes
No
Can you prove that system flaws are corrected in accordance with the specified timeframe?
*
Yes
No
Are the system components (e.g., workstations, servers, mobile devices) that require malicious code protection identified and documented?
*
Yes
No
Is there a defined frequency by which malicious code protection must be updated?
*
Yes
No
Does your company actively monitor and update your malicious code protection?
*
Yes
No
Does your company have a defined and documented frequency for malicious code scans?
*
Yes
No
Does your company perform real-time malicious code scans on files from external sources as files are downloaded, opened, or executed?
*
Yes
No