CMMC Scoping
IN THIS LESSON
In Part 2 of the CMMC scoping series, Amira Armond and Mark Hapeman from Kieri Solutions guide viewers through the fundamentals of scoping a CMMC Level 2 environment, focusing on identifying asset types and handling CUI securely.
Viewers will learn:
The three levels of CUI scoping: protecting CUI across all contracts, only DoD contracts, or even just a single DoD contract.
Why it’s sometimes necessary to build a new, secure network enclave for CUI when existing environments are too complex or uncontrolled.
How to identify where CUI lives across systems, including workstations, file servers, email clients, printers, and cloud services.
Practical techniques for locating CUI, such as searching for designation indicators or dissemination statements.
The importance of understanding CUI asset categories as defined in the final CMMC rule—especially Controlled Unclassified Information (CUI) assets.
How encryption impacts scoping, including which systems must still be secured even when encrypted transmissions are used.
What to do when CUI is mishandled—such as being emailed unencrypted to the wrong environment—and how to respond responsibly as part of your compliance efforts.
This video helps organizations transition from simply identifying CUI to understanding how to scope their systems and assets for a successful CMMC Level 2 assessment. It sets the stage for more advanced scoping concepts covered in future segments.