Ensure CMMC success: seven common scoping mistakes to avoid

When considering your organization’s Cybersecurity Maturity Model Certification (CMMC), identifying the appropriate scope is a critical to your success. The correct scope ensures you have a complete understanding of systems and a boundary where federal contract information (FCI) and controlled unclassified information (CUI) exists in your environment without spending unnecessary time and money to over prepare for the assessment. The third webinar in our CMMC readiness series focuses on the details of how to scope your organization for CMMC success and avoid common scoping mistakes. During this discussion, we explore the following potential pitfalls and share helpful suggestions:

1. Not knowing which CMMC level to target
2. Not being able to identify and track FCI and CUI
3. Having an incomplete inventory of assets
4. Setting the wrong boundary
5. Wrongly handling third-party providers
6. Not leveraging creative scope options to decrease the level of effort
7. Not properly documenting or demonstrating how the practices apply across the full systems boundary

Key learning objectives

1. Discuss the importance of scoping to the success of CMMC
2. Identify seven common scoping mistakes that could potentially impede your CMMC
3. Describe how to avoid scoping pitfalls

Intended audience

This webinar is intended to be a technical discussion for those that already have an understanding of the CMMC basics. Government contractor CFOs, CIOs, compliance and security officers, contracts executives and procurement professionals are encouraged to watch.

Additional resources

• CMMC Webinar, Part I: Understanding CMMC and the implications for DoD contractors
• CMMC Webinar, Part II: Navigating the CMMC assessment
• Podcast: Fed Talks: CMMC: Will perfection be the enemy of procurement?
• Questionnaire: CMMC Readiness Assessment Scoping Questionnaire

For more information or help with your CMMC, contact our team.