Today we launched the next module in our CCP Essentials class. This week we focus on scoping through the lens of zone segmentation. This means you figure out how the people, processes and technology work by mapping how data flows through your company.
* Define an endpoint, boundary, and scope.
* Illustrate a basic network diagram with routers, firewalls, and endpoints.
* Compare common use cases for the authorized handling of CUI/FCI.
* Explain the interaction of people, processes and technology in determining scope.
* Identify the controls we apply to people, processes and technology.
* Define what controls are applicable for the in-scope people, processes and technology given a business case study.
Amira Armond. Scoping
Compliance Forge and Supply Chain Risk Management. (2021). Unified Scoping Guidance.
Try to write a beginner’s guide to scoping that a small business owner can use to demonstrate how authorized handlers protect sensitive data.
Almost 70% of all the objectives required by CMMC rely on non-technical solutions. What has to happen with people and processes to ensure that the technology used to limit scope is an effective security measure? Develop a list of processes that influence scope.
Given a scenario, and using a zone approach to scoping, mark off if specific people, processes, and technology are out of scope or in scope. Then explain how the in-scope elements interact.