Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

CMMC Assessment Scope

Determining the scope of your CMMC assessment is necessary for a successful certification process. It sets the groundwork by outlining what you need to evaluate. This approach reduces the assessment’s duration and minimizes the impact of security controls on your workforce.

This is why it is essential to account for every asset, whether within or outside the scope of the assessment, that processes Controlled Unclassified Information (CUI) or is not intended for CUI processing. Disagreements about assessment scope can lead to certification delays.

CMMC Self-Assessment

If you’re an Organization Seeking Compliance (OSC) aiming for CMMC Level 1, or one of the subset of Level 2 OSCs handling non-critical national security information, you can opt for a self-assessment. This means that your organization’s CMMC lead will conduct the assessment internally.

Level 1 Self-Assessment

Level 1 assessments evaluate how the OSC safeguards Federal Contract Information (FCI) using the 17 NIST 800-171 controls that apply to Level 1. To achieve Level 1 compliance, all objectives within these 17 controls must be met.

Level 2 Self-Assessment

Level 2 OSCs must assess against NIST 800-171 (A) and meet all 110 control assessment objectives. Success at this level requires a comprehensive System Security Plan (SSP) that details how policies, procedures, and technologies align with each assessment objective.

Both Level 1 and Level 2 OSCs need to perform self-assessments annually. They must also provide an annual affirmation from a senior company official confirming compliance with all requirements. These self-assessments and affirmations must be registered in the DoD’s Supplier Performance Risk System (SPRS).
