The process diagram is used to:

  1. Classify components per the NIST SP 800-171 Scope of Applicability
  2. Then categorize those components per the CMMC Level 2 Assessment Scoping Guide

A separate diagram for classifying and categorizing roles will be coming shortly.

About the Author

The author, Matthew Titcombe, is the CEO of Peak InfoSec, an Authorized CMMC 3rd Party Assessor Organization (C3PAO). His support to the Defense Industrial Base began back in 2016 when he was supporting United Launch Alliance’s implementation of NIST SP 800-53 and subsequently NIST SP 800-171 when DFARS Clause 252.204-7012 came into being in 2017.

He has been involved in the CMMC ecosystem since its earliest versions and participated in the Cyber-AB’s working groups. Specifically, Mr. Titcombe worked on the initial draft of the CMMC Assessment Guides. He was also in the first cohort of Provisional Assessors and was certified as Provisional Assessor #17. He was recently certified as a CMMC Certified Professional (CCP).

After being certified as a Professional Assessor, Mr. Titcombe worked with Local Operations, a CMMC Licensed Partner Publisher, to develop the CCP curriculum. He also worked on the CMMC Certified Assessor’s (CCA) curriculum and wrote the lesson on CMMC Scoping.