Frequently Asked Questions
Frequently Asked Questions
Frequently Asked Questions
You've got questions, we've got answers.
We're transforming the CMMC industry, see how.
You've got questions, we've got answers.
We're transforming the CMMC industry, see how.
CMMC FAQs
Choose the right level of automation and support for your compliance needs.
Choose the right level of automation and support for your compliance needs.
What is the difference between NIST 800-171 and CMMC?
What is the difference between NIST 800-171 and CMMC?
What is the difference between NIST 800-171 and CMMC?
Is CMMC compliance mandatory for all businesses?
Is CMMC compliance mandatory for all businesses?
Is CMMC compliance mandatory for all businesses?
What are the different CMMC v2 levels?
What are the different CMMC v2 levels?
What are the different CMMC v2 levels?
How long does it take to achieve CMMC v2 compliance?
How long does it take to achieve CMMC v2 compliance?
How long does it take to achieve CMMC v2 compliance?
Will the results of my assessment be public? Will the DoD see my results?
Will the results of my assessment be public? Will the DoD see my results?
Will the results of my assessment be public? Will the DoD see my results?
Will prime contractors and subcontractors be required to maintain the same CMMC level?
Will prime contractors and subcontractors be required to maintain the same CMMC level?
Will prime contractors and subcontractors be required to maintain the same CMMC level?
Will my organization need to be certified if it does not handle CUI?
Will my organization need to be certified if it does not handle CUI?
Will my organization need to be certified if it does not handle CUI?
Will CMMC certifications and the associated third-party assessments apply to classified systems and/or environments within the Defense Industrial Base?
Will CMMC certifications and the associated third-party assessments apply to classified systems and/or environments within the Defense Industrial Base?
Will CMMC certifications and the associated third-party assessments apply to classified systems and/or environments within the Defense Industrial Base?
Who will perform third-party CMMC assessments?
Who will perform third-party CMMC assessments?
Who will perform third-party CMMC assessments?
When will CMMC 2.0 be required for DoD contracts?
When will CMMC 2.0 be required for DoD contracts?
When will CMMC 2.0 be required for DoD contracts?
What is the relationship between the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 and CMMC?
What is the relationship between the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 and CMMC?
What is the relationship between the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 and CMMC?
Now that CMMC 2.0 is published, will companies be required to comply with CMMC 1.0?
Now that CMMC 2.0 is published, will companies be required to comply with CMMC 1.0?
Now that CMMC 2.0 is published, will companies be required to comply with CMMC 1.0?
Why did the Department make these changes?
Why did the Department make these changes?
Why did the Department make these changes?
How much will it cost to implement CMMC 2.0?
How much will it cost to implement CMMC 2.0?
How much will it cost to implement CMMC 2.0?
CMMC Certification FAQs
Choose the right level of automation and support for your compliance needs.
Choose the right level of automation and support for your compliance needs.
What is the difference between a CMMC self-assessment and a basic assessment required in the DoD Assessment Methodology?
What is the difference between a CMMC self-assessment and a basic assessment required in the DoD Assessment Methodology?
What is the difference between a CMMC self-assessment and a basic assessment required in the DoD Assessment Methodology?
What is the CMMC Program?
What is the CMMC Program?
What is the CMMC Program?
How will my organization know what CMMC level is required for a contract?
How will my organization know what CMMC level is required for a contract?
How will my organization know what CMMC level is required for a contract?
How much will CMMC certification cost?
How much will CMMC certification cost?
How much will CMMC certification cost?
How frequently will CMMC assessments be required?
How frequently will CMMC assessments be required?
How frequently will CMMC assessments be required?
SMPL-C® Product FAQs
Choose the right level of automation and support for your compliance needs.
Choose the right level of automation and support for your compliance needs.
How will SMPL-C make life easier for me?
How will SMPL-C make life easier for me?
How will SMPL-C make life easier for me?
How do I know if the latest regulations are reflected in my Assessments?
How do I know if the latest regulations are reflected in my Assessments?
How do I know if the latest regulations are reflected in my Assessments?
How is my answer to a question accurate, and can it pass an audit?
How is my answer to a question accurate, and can it pass an audit?
How is my answer to a question accurate, and can it pass an audit?
SMPL-C® AI FAQs
Choose the right level of automation and support for your compliance needs.
Choose the right level of automation and support for your compliance needs.
How do you ensure that our organization retains full ownership of all data input into your AI systems?
How do you ensure that our organization retains full ownership of all data input into your AI systems?
How do you ensure that our organization retains full ownership of all data input into your AI systems?
How will our data be used?
How will our data be used?
How will our data be used?
How do you restrict our data’s use exclusively to purposes we have authorized?
How do you restrict our data’s use exclusively to purposes we have authorized?
How do you restrict our data’s use exclusively to purposes we have authorized?
How do you restrict our data’s use exclusively to purposes we have authorized?
How do you restrict our data’s use exclusively to purposes we have authorized?
How do you restrict our data’s use exclusively to purposes we have authorized?
What assurances can you provide that our data will not be used for training, marketing or analytics without explicit consent?
What assurances can you provide that our data will not be used for training, marketing or analytics without explicit consent?
What assurances can you provide that our data will not be used for training, marketing or analytics without explicit consent?
What privacy protection measures, such as anonymization or data minimization, do you apply if our data is used for training purposes?
What privacy protection measures, such as anonymization or data minimization, do you apply if our data is used for training purposes?
What privacy protection measures, such as anonymization or data minimization, do you apply if our data is used for training purposes?
How do you ensure compliance with privacy regulations, such as GDPR or CCPA, in your AI processes?
How do you ensure compliance with privacy regulations, such as GDPR or CCPA, in your AI processes?
How do you ensure compliance with privacy regulations, such as GDPR or CCPA, in your AI processes?
How do you communicate the types of data collected and their usage within your AI systems?
How do you communicate the types of data collected and their usage within your AI systems?
How do you communicate the types of data collected and their usage within your AI systems?
How do you ensure that all data, including inputs, outputs and training data, remains within the geographic boundaries we have specified?
How do you ensure that all data, including inputs, outputs and training data, remains within the geographic boundaries we have specified?
How do you ensure that all data, including inputs, outputs and training data, remains within the geographic boundaries we have specified?
What is your process for notifying us if our data needs to be accessed or stored outside the approved geographic locations?
What is your process for notifying us if our data needs to be accessed or stored outside the approved geographic locations?
What is your process for notifying us if our data needs to be accessed or stored outside the approved geographic locations?
What is your notification process for incidents, both benign and malicious, that impact our data or the AI system’s performance?
What is your notification process for incidents, both benign and malicious, that impact our data or the AI system’s performance?
What is your notification process for incidents, both benign and malicious, that impact our data or the AI system’s performance?
How do you structure your timeline and action plan for responding to incidents that could affect our security posture?
How do you structure your timeline and action plan for responding to incidents that could affect our security posture?
How do you structure your timeline and action plan for responding to incidents that could affect our security posture?
How do you ensure that your AI models, tools and outputs comply with third-party intellectual property rights?
How do you ensure that your AI models, tools and outputs comply with third-party intellectual property rights?
How do you ensure that your AI models, tools and outputs comply with third-party intellectual property rights?
What measures do you take to make your AI models and processes auditable and aligned with established risk management best practices?
What measures do you take to make your AI models and processes auditable and aligned with established risk management best practices?
What measures do you take to make your AI models and processes auditable and aligned with established risk management best practices?
How can you accommodate independent audits and regulatory reviews of your AI models if required?
How can you accommodate independent audits and regulatory reviews of your AI models if required?
How can you accommodate independent audits and regulatory reviews of your AI models if required?
How do you document compliance with AI-related laws, standards and frameworks applicable to the geographic regions where we operate?
How do you document compliance with AI-related laws, standards and frameworks applicable to the geographic regions where we operate?
How do you document compliance with AI-related laws, standards and frameworks applicable to the geographic regions where we operate?
What AI frameworks or certifications do you adhere to for ensuring legal and ethical compliance?
What AI frameworks or certifications do you adhere to for ensuring legal and ethical compliance?
What AI frameworks or certifications do you adhere to for ensuring legal and ethical compliance?
How do you provide transparency into the decision-making processes of your AI models?
How do you provide transparency into the decision-making processes of your AI models?
How do you provide transparency into the decision-making processes of your AI models?
What resources or documentation do you provide to help our team understand the factors influencing your AI’s decisions?
What resources or documentation do you provide to help our team understand the factors influencing your AI’s decisions?
What resources or documentation do you provide to help our team understand the factors influencing your AI’s decisions?
What steps have you taken to identify and reduce bias in your AI models, and are you willing to share the bias testing results with us?
What steps have you taken to identify and reduce bias in your AI models, and are you willing to share the bias testing results with us?
What steps have you taken to identify and reduce bias in your AI models, and are you willing to share the bias testing results with us?
How do you ensure adherence to recognized ethical AI standards or guidelines, such as those from the IEEE?
How do you ensure adherence to recognized ethical AI standards or guidelines, such as those from the IEEE?
How do you ensure adherence to recognized ethical AI standards or guidelines, such as those from the IEEE?
What measures have you implemented to address the potential unintended consequences in your AI models?
What measures have you implemented to address the potential unintended consequences in your AI models?
What measures have you implemented to address the potential unintended consequences in your AI models?
What safeguards are in place to prevent misuse of your AI systems by internal or external actors?
What safeguards are in place to prevent misuse of your AI systems by internal or external actors?
What safeguards are in place to prevent misuse of your AI systems by internal or external actors?
What rights do we have to review or inspect the training data sources used to refine models applied to our organization?
What rights do we have to review or inspect the training data sources used to refine models applied to our organization?
What rights do we have to review or inspect the training data sources used to refine models applied to our organization?
How do you define and manage our rights regarding updates or enhancements made to models that incorporate our data?
How do you define and manage our rights regarding updates or enhancements made to models that incorporate our data?
How do you define and manage our rights regarding updates or enhancements made to models that incorporate our data?
What performance guarantees or assurances do you provide for your AI systems?
What performance guarantees or assurances do you provide for your AI systems?
What performance guarantees or assurances do you provide for your AI systems?
How do you address issues like hallucinations or factual inaccuracies in AI outputs, and what error thresholds do you consider acceptable?
How do you address issues like hallucinations or factual inaccuracies in AI outputs, and what error thresholds do you consider acceptable?
How do you address issues like hallucinations or factual inaccuracies in AI outputs, and what error thresholds do you consider acceptable?
How often are your AI models updated, and what processes do you follow to notify us about changes that might impact performance?
How often are your AI models updated, and what processes do you follow to notify us about changes that might impact performance?
How often are your AI models updated, and what processes do you follow to notify us about changes that might impact performance?
What procedures do you have in place to manage and decommission AI models to prevent them from becoming outdated, unreliable or insecure?
What procedures do you have in place to manage and decommission AI models to prevent them from becoming outdated, unreliable or insecure?
What procedures do you have in place to manage and decommission AI models to prevent them from becoming outdated, unreliable or insecure?
How do you monitor AI model performance over time, particularly for models integrated into our systems?
How do you monitor AI model performance over time, particularly for models integrated into our systems?
How do you monitor AI model performance over time, particularly for models integrated into our systems?
What strategies do you use to mitigate model drift and ensure consistent performance after deployment?
What strategies do you use to mitigate model drift and ensure consistent performance after deployment?
What strategies do you use to mitigate model drift and ensure consistent performance after deployment?
In what ways does your AI incorporate or support human-in-the-loop mechanisms for critical decision-making?
In what ways does your AI incorporate or support human-in-the-loop mechanisms for critical decision-making?
In what ways does your AI incorporate or support human-in-the-loop mechanisms for critical decision-making?
How can we control or override AI outputs to ensure alignment with our organizational values and standards?
How can we control or override AI outputs to ensure alignment with our organizational values and standards?
How can we control or override AI outputs to ensure alignment with our organizational values and standards?
What customization or configuration options are available to adapt your AI models to better meet our organization’s needs and standards?
What customization or configuration options are available to adapt your AI models to better meet our organization’s needs and standards?
What customization or configuration options are available to adapt your AI models to better meet our organization’s needs and standards?
How do you allow us to adjust the AI’s parameters, decision thresholds or sensitivity to align with our specific risk tolerance or operational requirements?
How do you allow us to adjust the AI’s parameters, decision thresholds or sensitivity to align with our specific risk tolerance or operational requirements?
How do you allow us to adjust the AI’s parameters, decision thresholds or sensitivity to align with our specific risk tolerance or operational requirements?
How compatible is your AI solution with our existing technology stack, and what integrations are supported?
How compatible is your AI solution with our existing technology stack, and what integrations are supported?
How compatible is your AI solution with our existing technology stack, and what integrations are supported?
What steps have you taken to ensure interoperability with other AI or security tools that we may use?
What steps have you taken to ensure interoperability with other AI or security tools that we may use?
What steps have you taken to ensure interoperability with other AI or security tools that we may use?
What measures have you implemented to reduce the environmental and computational costs of training and deploying your AI models?
What measures have you implemented to reduce the environmental and computational costs of training and deploying your AI models?
What measures have you implemented to reduce the environmental and computational costs of training and deploying your AI models?
Can you provide details on the resource efficiency of your AI systems and their scalability with increased usage?
Can you provide details on the resource efficiency of your AI systems and their scalability with increased usage?
Can you provide details on the resource efficiency of your AI systems and their scalability with increased usage?
Do your AI solutions rely on third-party vendors or dependencies? If so, how do you evaluate and secure them?
Do your AI solutions rely on third-party vendors or dependencies? If so, how do you evaluate and secure them?
Do your AI solutions rely on third-party vendors or dependencies? If so, how do you evaluate and secure them?
What practices do you follow to monitor and secure the AI supply chain, mitigating risks associated with third-party components?
What practices do you follow to monitor and secure the AI supply chain, mitigating risks associated with third-party components?
What practices do you follow to monitor and secure the AI supply chain, mitigating risks associated with third-party components?
How do you incorporate user feedback into your AI systems to improve accuracy, relevance and alignment with our organization’s requirements?
How do you incorporate user feedback into your AI systems to improve accuracy, relevance and alignment with our organization’s requirements?
How do you incorporate user feedback into your AI systems to improve accuracy, relevance and alignment with our organization’s requirements?
What mechanisms are in place for us to report issues or concerns, and what is your typical response time for addressing them?
What mechanisms are in place for us to report issues or concerns, and what is your typical response time for addressing them?
What mechanisms are in place for us to report issues or concerns, and what is your typical response time for addressing them?
Are there any limitations on our access to technical or support resources in the event of unexpected AI-related issues?
Are there any limitations on our access to technical or support resources in the event of unexpected AI-related issues?
Are there any limitations on our access to technical or support resources in the event of unexpected AI-related issues?
What liability does your organization assume if your AI system causes errors or generates harmful outputs?
What liability does your organization assume if your AI system causes errors or generates harmful outputs?
What liability does your organization assume if your AI system causes errors or generates harmful outputs?
How do you define accountability and responsibility for the outcomes or recommendations made by your AI models?
How do you define accountability and responsibility for the outcomes or recommendations made by your AI models?
How do you define accountability and responsibility for the outcomes or recommendations made by your AI models?
Ready to Make Compliance Simple?
Cut the chaos. Protect your contracts. Grow your business with SMPL-C® as your AI-powered compliance sidekick.
Subscribe to our newsletter for the latest updates on features and product releases.
By subscribing, you consent to our Privacy Policy and agree to receive updates.
Quick Links
Ready to Make Compliance Simple?
Cut the chaos. Protect your contracts. Grow your business with SMPL-C® as your AI-powered compliance sidekick.
Subscribe to our newsletter for the latest updates on features and product releases.
By subscribing, you consent to our Privacy Policy and agree to receive updates.
Quick Links
Ready to Make Compliance Simple?
Cut the chaos. Protect your contracts. Grow your business with SMPL-C® as your AI-powered compliance sidekick.
Subscribe to our newsletter for the latest updates on features and product releases.
By subscribing, you consent to our Privacy Policy and agree to receive updates.
Quick Links