Get compliant
Menu

Day: April 8, 2026

Encrypted CUI Is Still In Scope, but Your Whole Network Might Not Be

If you’re building a CMMC enclave to contain your CUI environment, you need to understand a January 2026 DoD FAQ clarification that directly affects where your assessment boundary lands. The short version: encrypted CUI is still CUI, encryption alone doesn’t create logical separation, but a properly separated enclave can keep your enterprise network out of […]

CMMC Level 1 Requires 17 Safeguards 15 Controls

The official FAR clause lists 15 safeguards, but CMMC documentation often references 17 practices. Here is why: 

CMMC inherited the DoD’s earlier mapping from the DFARS 252.204-21 “Basic Safeguarding” table, where two of the FAR requirements were split into multiple CMMC practice IDs during modeling. They are not additional requirements—just a structural carryover from the original DoD-to-NIST mapping exercise.