The Compliance Audit Readiness Assessment (CARA) is a self-assessment tool that helps you understand and determine your organization's readiness in meeting the audit requirements under the Cybersecurity Maturity Model Certification (CMMC), Level 1 - Basic Cyber Hygiene.
This assessment will take about five minutes to complete. Once you complete the assessment, you'll receive a customized report with detailed guidance that will help you define the technical controls that your organization will need to have in place before a CMMC audit.
The Cybersecurity Maturity Model Certification was published as a way to verify that federal contractors have the appropriate cybersecurity practices and processes in place. If your organization is currently contracted with the Department of Defense (DoD) or plans to bid on contracts with the DoD, the CMMC certification will be required. CMMC has five certification levels that assess your organization’s maturity and cybersecurity preparedness. Each level is built upon the last, meaning that an organization must be compliant with Level 1 before they can comply with Level 2 of the CMMC. To learn more about the CMMC, please see the CMMC website.
How Does CARA Work?
The CARA tool lists the requirements that are included in Level 1 of the Cybersecurity Maturity Model Certification (CMMC). You will read each requirement description and select a status that best represents where your organization currently stands with the requirement.
At the end of the assessment, you will receive your results on-screen and we'll also send you an email with your customized PDF report. This report will help your organization build the controls it needs to have in place before your Cybersecurity Maturity Model Certification audit.
To get started, sign up for the assessment by filling out the form on this page. Be sure to enter a valid email address so you can take the assessment and receive your customized PDF report at the end of the assessment.
Once you've filled out the form, you'll receive an email with a link that will take you to the assessment. Save this email in case you'd like to finish or retake the CMMC assessment in the future.
See the next section to learn how to take the assessment.
Taking the Assessment
Follow the steps below to take your CMMC assessment using the CARA tool:
- Click the link in the email you received after signing up for the assessment.
- From the welcome page, click the Get Started button to begin your assessment. You will be directed to the Compliance Audit Readiness Assessment page, which shows the 17 requirements that are included in Level 1 of the Cybersecurity Maturity Model Certification.
- Read the first requirement Name and Description.
- Then, from the Self-Assessment Response column, select the response that best represents where your organization currently stands with this requirement. The response options are: Met, Partially Met, Not Met, or N/A (not applicable).
- Continue reading through each requirement name and description and selecting the appropriate Self-Assessment Response.
- As you continue to select responses, the Requirements Breakdown progress bar will update to show your self-assessment response percentages.
- Once you've selected a response for each requirement, click the Complete and Get Results button at the bottom of the page to see your customized report.
Tip: If you need to gather additional information to successfully complete your self-assessment, you can click the Save for Later button. Then, when you're ready to return to your assessment, use the link in the email that you received after signing up.
Analyzing Your Results
After completing your assessment, you'll see your custom report on the following page. You'll also receive an email where you can view and download a PDF version of this report.
Note: If you're using Internet Explorer, you may not be able to view your PDF report in your browser. Please refer to the PDF attachment in your email instead.
Your customized report will contain additional information for each of the requirements where you selected Partially Met or Not Met during your self-assessment.
For each of these Partially Met or Not Met requirements, your report will include the following information:
- Clarification from the Cybersecurity Maturity Model Certification publication.
  - Clarification explains the requirements in greater detail so you can get a better understanding of what is required of your organization.
- Additional Self-assessment Questions
  - To qualify for the CMMC, your organization should be able to say “Yes” to these questions.
  - These questions will help you define the specific controls that your organization will need to have in place before your CMMC audit.
KnowBe4's KCM GRC platform makes it easier for you to manage these controls. Our platform provides a central location to store your organization's requirements and controls, automate task reminders to satisfy your controls, and store the necessary evidence for your auditor.
Frequently Asked Questions
Question: What happens to the responses that I enter into the assessment?
Answer: Once you've completed your assessment, you'll have the option to delete your responses. From the results page, click the Delete My Information button. If you delete your responses, your PDF report will still be available for download from the email you received after your assessment.
Question: Can I retake the assessment?
Answer: Sure! The email you received when you signed up for the assessment contains a link that will bring you back to your assessment. If you did not delete your data, your previous self-assessment responses will be shown. You can update your responses and click the Submit button to receive a new customized report.
Question: I completed the assessment, why didn't I receive an email with my PDF report?
Answer: Check your Spam or Junk folder. If you didn't find your email there, please contact our support team.