Get compliant
Menu

Day: February 25, 2026

DoD Clarifies: Encrypted CUI Still Counts for Your CMMC Boundary

If you’re planning your CMMC Level 2 assessment scope thinking that encrypting CUI gets it “out of bounds,” the DoD’s latest FAQ guidance delivers a reality check. The January 2026 update addresses three critical scoping questions that every DIB contractor needs to understand, because getting this wrong means either overscoping (and overspending) or underscoping (and […]

CMMC Level 1 Requires 17 Safeguards 15 Controls

The official FAR clause lists 15 safeguards, but CMMC documentation often references 17 practices. Here is why: 

CMMC inherited the DoD’s earlier mapping from the DFARS 252.204-21 “Basic Safeguarding” table, where two of the FAR requirements were split into multiple CMMC practice IDs during modeling. They are not additional requirements—just a structural carryover from the original DoD-to-NIST mapping exercise.