Today we launched the next module in out CCP Essentials class. This week we focus on scoping from a lens of zone segmentation. This means you figure out how the people, processes and technology work my mapping how data flows through your company.


* Define an endpoint, boundary, and scope.
* Illustrate a basic network diagram with routers, firewalls, and endpoints.
* Compare common use cases for the authorized handling of CUI/FCI.
* Explain the interaction of people, processes and technology in determining scope
* Identify the controls we apply to people, processes and technology 
* Define what controls are applicable for the in-scope  people, processes and technology given a business case study.


Amira Armond. Scoping


Compliance Forge and Supply Chain Risk Management. (2021). Unified Scoping Guidance.


Try to write a beginner’s guide to scoping that a small business owner can use to demonstrate how authorized handlers protect sensitive data.


Almost 70% of all the objectives required by CMMC rely on non-technical solutions. What has to happen with people and processes to ensure the technology to limit scope is an effective security measure? Develop a list of processes that influence scope.


Given a scenario, and using a zone approach to scoping, mark off if specific people, processes, and technology are out of scope or in scope. Then explain how the in-scope elements interact.