Your business is a link in one or more supply chains. Your business depends on those who supply to you, and in turn those you supply to (and their customers and their customers’ customers) depend on you. Any disruption at any point affects the flow of goods, services, and information affecting others in the supply chain. It’s important that we understand the risk in our supply chain and the potential risk we pose to our customers, especially cyber-related risk. Why?

Why are we talking about scoping? For defense contractors, subcontractors, or suppliers, the surest path to CMMC Level 2 certification success depends heavily on an accurately defined CUI boundary, or “CMMC assessment scope”. The wait may be over, as the DoD has finalized its expectations of the CMMC program, but the lion’s share of defense contractors are just getting started, many with a heavier lift than others.