CMMC Scoping Guide for Level 1

Apr 17

The CMMC Scoping Guide for Level 1 provides guidance on identifying which assets within a contractor’s environment must be protected and assessed when handling Federal Contract Information (FCI).

At Level 1, scoping is straightforward. The guide defines “CMMC Assessment Scope” as limited to:

• Assets that process, store, or transmit FCI

• Security protection assets (if they provide security functions for the FCI-handling assets)

Unlike higher levels, Level 1 does not require segmentation of networks or complex system categorization. The key goal is to ensure that basic safeguarding practices are applied to all systems that directly interact with FCI.

This scope informs both self-assessments and preparation efforts, helping organizations focus their cybersecurity controls only where needed to meet Level 1 requirements.

https://dodcio.defense.gov/Portals/0/Documents/CMMC/ScopingGuideL1v2.pdf

Brian Hubbard

CMMC Scoping Guide for Level 1

Cybersecurity Maturity Model Certification (CMMC) Model Overview

CMMC Level 1 Self-Assessment Guide

The MSP Cybersecurity Exchange