What belongs inside a CUI system boundary?

Include assets that process, store, or transmit CUI, plus the assets that protect that environment. Document contractor risk managed and specialized assets according to their CMMC scoping treatment.

Should I enter or upload CUI in CMMCTrack?

No. CMMCTrack is for documenting your assessment scope and workflow. Keep actual CUI in the environment you have approved for it.

How to Define a CUI System Boundary for CMMC

body{font-family:'Inter',sans-serif;max-width:800px;margin:40px auto;padding:0 20px;line-height:1.6}How to define your system and CUI boundaryLearn how to identify CUI assets, security protection assets, specialized assets, and out-of-scope systems for a defensible CMMC Level 2 assessment boundary.Supports Level 1 (15 practices, FAR 52.204-21) and Level 2 (110 practices, NIST SP 800-171).Please enable JavaScript to use CMMCTrack.