Efficient CMMC Scoping
Posted by ComplianceForge Support on Nov 22, 2024
Determining the scope of controls (e.g., assessment boundary) is different than determining control applicability. Do you know the difference?
The Unified Scoping Guide (USG) is a free resource to make control scoping more efficient, regardless of the type of sensitive / regulated data environment. You can download the latest version of the USG for free from: https://complianceforge.com/free-guides/unified-scoping-guide
This helps define the assessment scope boundary of the sensitive/regulated data where it is processed, stored and/or transmitted. This approach is applicable to the following sensitive/regulated data types:
- Controlled Unclassified Information (CUI)
- Federal Contract Information (FCI)
- Personally Identifiable Information (PD)
- Protected Health Information (PHI)
- Cardholder Data (CHD)
- Intellectual Property (IP)
- Attorney-Client Privilege Information (ACPI)
- Student Educational Records (FERPA)
- Export-Controlled Data (ITAR/EAR)
- Critical Infrastructure Information (CII)