CMMC requires protection for, both, Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), and succinctly defines FCI as information provided by or generated for the Government under contract that has not or will not be publicly released (within a reasonable period of time). Many businesses do not realize FCI resides in their back office and operational systems such as contracts, accounting, HR, and business development systems. Moreover, DIB companies need to reconsider what systems and software they use – as many of those systems are not maintained according to applicable FedRAMP and CMMC standards. Join recognized CMMC and cloud compliance thought leader, Scott Edwards – Summit 7, and a trusted provider in capture management software Capture2Proposal to discuss how to address compliance in these systems.
Learn about practical examples and best practices other DIB suppliers are implementing. For example, CMMC documentation provides in Access Control (AC) 1.003 a scenario where your business development and proposal teams are creating an RFP/RFI/RFQ response to the DoD for a new contract or rebid. It is possible that in that proposal response, your company may include detailed processes, past performance, and contract information from existing or contracts from the recent past. This contract data in some cases may be clearly identified as FCI, or should at least be considered as FCI.
What is FCI?: https://info.summit7systems.com/blog/fci
What is CUI?: https://info.summit7systems.com/blog/cui