Get compliant
Menu

Day: February 17, 2026

Your Encrypted CUI Is Still In Scope, The DoD Just Confirmed It

If you’re planning your CMMC scope assuming that encryption gets you out of compliance requirements, the DoD’s January 2026 FAQ update has news you need to hear. The message is clear: encrypted CUI is still CUI, and those systems handling it can’t be written off as out-of-scope just because the data is encrypted. Here’s what […]

CMMC Level 1 Requires 17 Safeguards 15 Controls

The official FAR clause lists 15 safeguards, but CMMC documentation often references 17 practices. Here is why: 

CMMC inherited the DoD’s earlier mapping from the DFARS 252.204-21 “Basic Safeguarding” table, where two of the FAR requirements were split into multiple CMMC practice IDs during modeling. They are not additional requirements—just a structural carryover from the original DoD-to-NIST mapping exercise.