Dashboard

What is the Dashboard module?

The Dashboard module summarizes the present state of an organization's cybersecurity compliance posture. It presents an executive overview of an organization's progress towards implementing one of two cybersecurity frameworks in Totem™: CMMC or ISO 27001. The Dashboard also highlights the Plan of Action & Milestones (POA&M) items that remain to be implemented.


What is the "Security Plan Progress" measuring, and how do I complete it?

The "Security Plan Progress" measures how many Implementation Details fields have been addressed within the Control Status module. As stated in the information indicator button on the Dashboard:

"Security Plan progress is based on an organization action's "Implementation Details" field. When text is present in this field, an organization action is counted as 'complete'. If the Implementation Details are blank, the control is counted as 'incomplete'. Implementation Details must be entered in the Control Status module."

For example, NIST 800-171 Revision 2 has 320 Organization Actions, and therefore 320 individual Implementation Details fields to be filled out. When text is present in 160/320 of these fields, the Dashboard will show that the Security Plan Progress is 50% complete and 50% incomplete.

 


What does "Not Yet Authorized" mean?

Until an organization has been authorized through the Manage module, it will appear on both the Dashboard and the Manage page as "Not Yet Authorized". Once authorized, it will appear as "Authorized". See the Manage support page for more on authorizing an organization.

 


What is the difference between "Score Last Updated" and "Organization Last Updated"?

"Score Last Updated" reflects the date on which the organization's NIST 800-171 score last changed. For instance, when a Control is marked Compliant through the Control Status module, "Score Last Updated" updates to show the date that this change occurred.

"Organization Last Updated" is more holistic, including both the date the organization's NIST 800-171 score was last updated AND the date its Organization Status (Authorized/Not Yet Authorized) last changed.

 


What does "Score" mean?

"Score" refers to the organization's DoD Assessment Methodology / NIST 800-171 / Supplier Performance Risk System (SPRS) score. It reflects the organization's current state of implementation out of 110 total points. For each non-compliant control, the point value specified for that control on the Control Status page is subtracted from the total score of 110.

 


Why is my Score negative?

Totem™ reflects the DoD's 800-171 Assessment Methodology, and while there are 110 controls, many are worth more than one point (some are worth three, others five). An organization just beginning its assessment will start with 110/110 points, and when a control is deemed non-compliant, that control's score value is subtracted from 110. Because the controls' point values add up to more than 110, enough non-compliant controls will take the score below zero. Those points are then added back when the control turns compliant.