CMMC Scoping for Level 2

Screenshot from video about CMMC Level 2 scoping, showing the Level 2 Assessment Guide

This video is provided by Amira Armond and Jil Wright (CMMC Provisional Assessors and Provisional Instructors) from Kieri Solutions, an Authorized C3PAO.

Topics discussed in the video are:

  • How boundaries affect CMMC Level 2 scope
  • How contractors are expected to manage risk at level 2
  • Clouds are generally never specialized assets (except Government Property)
  • How to pick between CUI Asset, Specialized Asset, and Security Protection Asset (when multiple apply)
  • Is it Out of Scope or a Contractor Risk Managed asset?
  • Does CUI Ciphertext passing through an asset make it a CUI Asset?
  • Can you skip assessing a network that has CUI in it?
  • What happens if assessors discover an asset that should be in scope, but wasn’t?
  • Are corporate websites in-scope for assessment?

This content is way more than the CCP course blueprint covers and more in-depth than what is normally covered in CCA courses!

If you haven’t seen it yet, go watch the CMMC Level 1 Scoping video first for important background information!

Enjoy, and don’t forget to subscribe to our YouTube channel for lots of other CMMC training content.

Kieri Solutions is an Authorized C3PAO providing CMMC and 800-171 assessment and preparation services. They offer a unique package of CMMC documentation templates called the Kieri Compliance Documentation (KCD) which is ideal for networks and enclaves with less than 1,000 users.
Kieri sponsors CMMCAudit.ORG and provides free explanations of CMMC concepts so that the Defense Industrial Base can be more secure. If you like how we think, check them out for CMMC prep or assessment services!

CMMC Assessment, Joint Surveillance Assessment, and Consulting:

Kieri Compliance Documentation:

Leave a Reply

Your email address will not be published. Required fields are marked *