CyberZ
View all results
0
View all results
0
CyberZ
View all results
0
View all results
0
Your Cart
Loading
CMMC Level 2 asset scoping worksheet for NIST 800-171 — Excel
CMMC asset inventory auto-categorized into the five 170.19 asset categories
CMMC asset scope summary with category totals and documentation flags
Only -1 left

CMMC Level 2 Asset Scoping Worksheet for NIST 800-171

On Sale
$47.00
$47.00
Added to cart
Add to wishlist Added to wishlist

Before you can secure your CUI, you have to know exactly what's in scope — and miscategorizing one asset can derail an assessment.


CMMC Level 2 sorts every asset in your environment into five categories (32 CFR §170.19), and each one is documented and assessed differently. This worksheet does the sorting for you.


What it does:

• Asset Inventory — list each asset and answer three quick questions (does it handle CUI, does it provide security protection, is it a specialized type). The worksheet auto-suggests the right category and fills in how that asset is treated at assessment.

• Five categories, built in — CUI Assets, Security Protection Assets, Contractor Risk Managed Assets, Specialized Assets (GFE, IoT/IIoT, OT, Restricted Information Systems, Test Equipment), and Out-of-Scope Assets.

• Scope Summary — live totals per category, plus flags for assets missing from your SSP or network diagram, and Contractor Risk Managed Assets missing the required written rationale.

• Category Guide — what qualifies for each category and how it's assessed, with the §170.19 citation.


Why it matters:

• CUI Assets are assessed against all applicable Level 2 requirements

• Security Protection Assets are assessed against the requirements relevant to what they protect

• Contractor Risk Managed Assets aren't assessed — unless under-documented, then the assessor runs a limited check

• Specialized Assets aren't assessed against the 110, but must be identified and risk-managed

• Out-of-Scope Assets must be genuinely separated from CUI


Who it's for: defense contractors and subcontractors scoping a CMMC Level 2 environment, plus MSPs and consultants drawing client boundaries before a C3PAO or self-assessment.


Built right: categories and treatment aligned to 32 CFR §170.19 and the CMMC Level 2 Scoping Guide (DoD CIO, v2.13, Sept 2024); auto-categorization and summary roll-ups; zero formula errors.


Sources reflected inside: 32 CFR §170.19, CMMC Level 2 Scoping Guide (DoD CIO, v2.13), NIST SP 800-171 Rev 2.


Tool, not legal advice. It does not by itself establish compliance or a CMMC status; determinations rest with the DoD, DIBCAC, and authorized C3PAOs.


You'll get one .xlsx workbook (4 tabs).

You will get a XLSX (19KB) file

You Might Also Like

No products found
  • Maestro
  • Mastercard
  • PayPal
  • Visa
  • Discover
Powered by Payhip

By using this website, you agree to our use of cookies. We use cookies to provide necessary site functionality and provide you with a great experience.