CMMC Asset Inventory

Overview

Create and maintain the CMMC asset inventory: CUI assets, security protection assets, and contractor risk-managed assets for assessment scope.

Getting Started

Add your source materials to the project workspace, then activate the CMMC Asset Inventory skill. The agent will guide you through the process step by step.

Example Conversation

You: We need to build our CMMC Level 2 asset inventory. We have the scope doc — in scope are our file server, contract management app, domain controllers, firewall, and workstations that access CUI. Can you turn that into a formal inventory?

Agent: I’ll create an asset inventory table with: asset ID, asset type (CUI / Security protection / Contractor risk-managed), description, location, owner. I’ll classify from your scope: file server and contract app as CUI assets; domain controllers, firewall, and any logging/SIEM as security protection; workstations that access CUI as CUI assets.

Agent: I’ve created asset-inventory.md with 12 assets. CUI assets: FS-01 (file server), ContractApp (contract management), WS-01–WS-08 (workstations). Security protection: DC-01, DC-02 (domain controllers), FW-01 (firewall), SIEM-01 (log collector). Each row has identifier, type, short description, location (e.g. Internal segment, DMZ), and owner/custodian. You can reference this in the SSP and use it for assessor verification.

Sample Output Excerpt

Below is a representative excerpt from a CMMC asset inventory.

Asset Inventory

CUI assets: process, store, or transmit CUI. Security protection assets: protect CUI or provide security functions (e.g. IAM, logging, boundary).