1. Home
  2. |Insights
  3. |CMMC 2.0 Scoping Guidance Limits the Scope of Cybersecurity Assessments

CMMC 2.0 Scoping Guidance Limits the Scope of Cybersecurity Assessments

Client Alert | 1 min read | 12.23.21

The Department of Defense (DoD) recently released the initial guidance documents for Version 2.0 of its Cybersecurity Maturity Model Certification (CMMC) program, including its much-anticipated Scoping Guidance.  While the guidance documents generally adhere to the current requirements for the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), the Scoping Guidance includes notable developments.  Chief among them is the introduction of two asset categories — “Specialized Assets” and “Contractor Risk Managed Assets” — that could potentially limit the scope of a contractor’s CMMC assessment, as well as the number and types of assets to be assessed against the applicable CMMC practices.

  • Specialized Assets include government property; internet of things (IoT) and industrial internet of things (IIoT) devices; operational technology; systems configured based entirely on government requirements and used to support a contract; and test equipment. 
  • Contractor Risk Managed Assets include computing resources that are capable of handling CUI but are prevented from doing so by the contractor’s security policies, procedures, and practices.

Contractors expecting to be subject to CMMC should carefully review the Scoping Guidance, as well as the other guidance documents, to determine whether and how they may wish to limit the scope of CMMC’s applicability.  

Insights

Client Alert | 4 min read | 08.29.25

Gender-Affirming Care Targeted for Potential False Claims Act Enforcement

On August 19, 2025, the Office of Personnel Management (OPM) informed insurers participating in the Federal Employees Health Benefits or Postal Service Health Benefits programs that gender-affirming care would no longer be covered for federal workers starting in 2026. This coverage decision is the Trump Administration’s latest action stemming from Executive Order 14187 which aims to prevent certain treatments, such as gender-affirming hormone therapy, surgeries, and puberty blockers for those under the age of 19. As previously discussed, the Administration has also signaled its intent to use various law enforcement tools against gender-affirming care, including  Section 5 of the Federal Trade Commission Act to police false or unsupported claims by medical professionals about gender-affirming treatments....