Scoping CUI and FCI for CMMC (M02b)
Despite the existence of CMMC scoping guides and assessment guides, most members of the defense industrial base still struggle to understand exactly what is required of them and what portions of their business, their organization, and the information technology is affected. The essential first step for CMMC preparedness is simply to understand and identify what FCI and CUI exists within your organization. The next step is to then understand all the places that FCI and CUI live. It is only at that point that the company can begin to think about how to adequately reduce the footprint and then finally optimize the protection of this sensitive information.
In this very pragmatic session, the panelists will cover:
· Why scoping is a business issue as well as a technology issue
· Recognizing CUI and FCI
· Tracing CUI and FCI within your organizational environment
· A method for considering different ways of reducing the footprint of CUI and FCI in your systems
· High level ideas for marrying CMMC compliance with optimization of your overall cybersecurity program