Glossary of Compliance
Compliance Glossary
Our list of curated compliance glossary offers everything you to know about compliance in one place.
CMMC Assessment Scope
Determining the scope of your CMMC assessment is a need for a successful certification process. It sets the groundwork by outlining what you need to evaluate. This approach reduces the assessment’s duration and minimizes the impact of security controls on your workforce.
This is why it is essential to account for every asset, whether within or outside the scope of the assessment, that processes Controlled Unclassified Information (CUI) or is not intended for nCUI processing. Disagreements about assessment scope can lead to certification delays.
CMMC Self-Assessment
If you’re an Organization Seeking Compliance (OSC) aiming for CMMC Level 1 or a subset of Level 2 OSCs handling non-critical national security information, you can opt for a self-assessment. This means that your organization’s CMMC lead will conduct the assessment internally.
Level 1 Self-Assessment
Level 1 assessments evaluate how the OSC safeguards Federal Contract Information (FCI) using the 17 NIST 800-171 controls that apply to Level 1. To achieve Level 1 compliance, all objectives within these 17 controls must be met.
Level 2 Self-Assessment
Level 2 OSCs must assess against NIST 800-171 (A) and meet all 110 control assessment objectives. Success at this level requires a comprehensive System Security Plan (SSP) that details how policies, procedures, and technologies align with each assessment objective.
Both Level 1 and Level 2 OSCs need to perform self-assessments annually. They must also provide an annual affirmation from a senior company official confirming compliance with all requirements. These self-assessments and affirmations must be registered in the DoD’s Supplier Performance Risk System (SPRS).
Additional reading
GRC Metrics: KPIs, KRIs, & KCIs Explained + Sample Checklist
SOC 2 Automation: What Is It, and Why Do You Need It?
Corporate Compliance: What is it And Why it’s Important
Sprinto: Your growth superpower
Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.