# CMMC Asset Inventory

> Create and maintain the CMMC asset inventory: CUI assets, security protection assets, and contractor risk-managed assets for assessment scope.



Tags: CMMC, CMMC 2.0, NIST, DoD, Compliance, Asset Inventory


## Example Prompts

- Build our CMMC asset inventory for Level 2 with CUI and security protection assets
- Classify our in-scope systems as CUI, security protection, or contractor risk-managed
- Update our CMMC asset inventory with new servers and workstations

URL: https://rakenne.app/skills/cmmc-asset-inventory/index.md

Try this skill: https://rakenne.app/a/?skill=cmmc-asset-inventory


## Overview

Create and maintain the CMMC asset inventory: CUI assets, security protection assets, and contractor risk-managed assets for assessment scope.

## Getting Started

Add your source materials to the project workspace, then activate the *CMMC Asset Inventory* skill. The agent will guide you through the process step by step.

## Example Conversation

> **You:** We need to build our CMMC Level 2 asset inventory. We have the scope doc — in scope are our file server, contract management app, domain controllers, firewall, and workstations that access CUI. Can you turn that into a formal inventory?
>
> **Agent:** I'll create an asset inventory table with: asset ID, asset type (CUI / Security protection / Contractor risk-managed), description, location, owner. I'll classify from your scope: file server and contract app as CUI assets; domain controllers, firewall, and any logging/SIEM as security protection; workstations that access CUI as CUI assets.
>
> **Agent:** I've created `asset-inventory.md` with 12 assets. CUI assets: FS-01 (file server), ContractApp (contract management), WS-01–WS-08 (workstations). Security protection: DC-01, DC-02 (domain controllers), FW-01 (firewall), SIEM-01 (log collector). Each row has identifier, type, short description, location (e.g. Internal segment, DMZ), and owner/custodian. You can reference this in the SSP and use it for assessor verification.

## Sample Output Excerpt

Below is a representative excerpt from a CMMC asset inventory.

---

### Asset Inventory

| Asset ID | Type | Description | Location | Owner |
|----------|------|-------------|----------|-------|
| FS-01 | CUI | File server — CUI file share | Internal segment | IT Operations |
| ContractApp | CUI | Contract management application (SaaS + on-prem component) | DMZ / cloud | Business Owner |
| WS-01 – WS-08 | CUI | Workstations used to access CUI | Internal segment | IT Operations |
| DC-01, DC-02 | Security protection | Domain controllers — authentication, GPO | Internal segment | IT Operations |
| FW-01 | Security protection | Boundary firewall | DMZ | IT Operations |
| SIEM-01 | Security protection | Log collector / SIEM | Internal segment | Security |

*CUI assets:* process, store, or transmit CUI. *Security protection assets:* protect CUI or provide security functions (e.g. IAM, logging, boundary).

<!-- /excerpt -->


---

Back to [Skill Library](https://rakenne.app/skills/index.md)