
Manage Articles:


What is the Manage module?

The Manage module exists for Owners to manage their organization. Using the Manage module, you can:

  • Describe the organization and its cybersecurity compliance environment
  • Invite users and manage their roles
  • Load the cybersecurity assessment type of interest (CMMC or ISO 27001)
  • Change the CMMC practice level (L1, L2, L3)
  • Enable Privacy controls (for HIPAA environments)
  • Review the organization's compliance status and generate compliance attestation letters


How do I invite a user to my organization?

Only Owners can invite users to an organization. On the Manage page, select the Users & Roles tab, and select Invite New User. Enter the email address of the user, assign their role, and select Send Invitation.

A user who has been invited to the tool but has not yet created an account will show as emailaddress(invited). Once they create their account, they will show in the list of users under their Full Name.

Email invitations to Totem™ expire after 24 hours. If you invite a user and they don't accept within 24 hours, you will need to re-issue an invitation. To do this, just use the Invite New User button again.


How do I remove a user from my organization?

Only Owners can remove users from their organization. To remove a user, on the Users & Roles tab, select the checkbox next to the role that the user has been assigned to, and select the Edit button that appears at the top (NOTE: Do not choose Delete Selected, as this will delete the role and all users assigned to that role). Select the 'X' that appears next to the name of the user, and choose Edit Role. Notice that the user no longer appears. If a user has been assigned multiple roles, you will need to remove them from every role assigned to them.

Removing all roles from a user will restrict them from accessing your organization and any of its contents, but it will not delete their Totem™ account. If the user no longer needs access to Totem™, for example because they have left the organization, please contact Support. For Enterprise customers, please reach out to your instance administrator.

To remove a user's role and assign them another, please see below.


How do I change a user's role?

Only Owners can change a user's role. To change a user's role, you'll first need to remove them from their current role (see above). Then, select the checkbox next to the role you'd like to assign the user to. Select the Edit button that appears at the top, and select the user from the drop-down user list. Select Edit Role to save. Notice that the user has been assigned to the new role.


How do I create a new role?

Only Owners can create new roles. Totem™ comes with four "baked-in" roles: Owner, Authorization Official, Engineer, and Assessor. If you want to create a new role in addition to these four, on the Users & Roles tab, select Create Role. Assign a name to your new role, select the associated permissions (for questions on the permissions, please contact Support), assign users (if desired), and select Create Role.


How do I rename my organization?

Only Owners can rename their organization. On the Manage page, select the Properties tab. Fill in the Name field with the desired name for the organization.


How do I change CMMC levels?

Only Owners can change their organization's CMMC level. On the Manage page, select the Properties tab. In the CMMC Practice Level drop-down, select the desired CMMC level, and select Update Organization at the bottom of the page.


How do I change between CMMC and ISO 27001?

Only Owners can change their organization's Assessment Type. On the Manage page, select the Properties tab. In the Assessment Type drop-down, select the desired framework, and select Update Organization at the bottom of the page.


How do I enable/disable Privacy controls?

Only Owners can enable/disable Privacy controls. The Privacy control set exists for organizations pursuing compliance with frameworks that have specific requirements for privacy, such as HIPAA. On the Manage page, select the Properties tab. Select the toggle for "Enable Privacy Controls", and select Update Organization at the bottom of the page.

Browse to the Control Status module, and you'll see that a Privacy control family has been generated. To disable the Privacy family, switch the "Enable Privacy Controls" toggle to off, and select Update Organization.


What does "Request Review" mean?

"Request Review" allows the organization's Owner(s) to request a review and acceptance of the organization's status (its SSP and POA&M). Once a review has been requested, it is then up to an Owner or an Authorization Official to approve or deny the organization's status.

If an organization's review is accepted, the Owner or Authorization Official can then generate an attestation letter in the form of a PDF (Note: when generating the PDF, if some fields are blank, check the Manage > Properties page to ensure those fields have been filled out, and generate the attestation letter again).

Until an organization has been authorized, it will appear on both the Dashboard and the Manage page as "Not Yet Authorized". Once authorized, it will appear as "Authorized". Even if an organization has been authorized, it may request another review.


Why am I receiving an error when selecting "Authorize"?

In Totem™ release 5.0, a new module was introduced: Roadmap. If you are receiving an error when attempting to authorize an organization, it's likely because you have not completed the Roadmap steps up to, but not including, Schedule CMMC Readiness Review. Ensure you have met each of the previous steps before authorizing the organization.


Where do I specify the Authorizing Official for my organization?

The Authorizing Official, which is specified in the attestation letter generated as part of the "Request Review" process (see above), is different from the Authorization Official role in Users & Roles. On the Properties tab, filling in the Authorizing Official field will generate the appropriate name in the attestation letter.