Source: CMMC 2.0 Level 2 Scoping Guide
Term: Specialized Assets
Asset Description:
- Assets that may or may not process, store, or transmit CUI
- Assets include: government property, Internet of Things ("IoT") devices, Operational Technology ("OT"), Restricted Information Systems, and Test Equipment
Contractor Requirements:
- Document in the asset inventory
- Document in the System Security Plan (SSP)
- Show these assets are managed using the contractor's risk-based security policies, procedures, and practices
- Document in the network diagram of the CMMC Assessment Scope
CMMC Assessment Requirements:
- Review the SSP in accordance with practice CA.L2-3.12.4
- Do not assess against other CMMC practices
Comments
0 comments
Please sign in to leave a comment.