Today we launched the next module in out CCP Essentials class. This week we focus on scoping from a lens of zone segmentation. This means you figure out how the people, processes and technology work my mapping how data flows through your company.

Objectives

* Define an endpoint, boundary, and scope.
* Illustrate a basic network diagram with routers, firewalls, and endpoints.
* Compare common use cases for the authorized handling of CUI/FCI.
* Explain the interaction of people, processes and technology in determining scope
* Identify the controls we apply to people, processes and technology 
* Define what controls are applicable for the in-scope  people, processes and technology given a business case study.

Video

Amira Armond. Scoping

https://www.youtube.com/watch?v=h4TCx1XwRgo&list=PL1ed_BKivc_-8DQpza5thlnkaC4aX6ZIW&index=9

Reading

Compliance Forge and Supply Chain Risk Management. (2021). Unified Scoping Guidance.

Writing

Try to write a beginner’s guide to scoping that a small business owner can use to demonstrate how authorized handlers protect sensitive data.

Or

Almost 70% of all the objectives required by CMMC rely on non-technical solutions. What has to happen with people and processes to ensure the technology to limit scope is an effective security measure? Develop a list of processes that influence scope.

Participating

Given a scenario, and using a zone approach to scoping, mark off if specific people, processes, and technology are out of scope or in scope. Then explain how the in-scope elements interact.