According to the CMMC Scoping Guidance, Level 1, the categorization of assets is much simpler than at Level 2. At Level 1, there are only two primary categories for assets within the Organization Seeking Certification (OSC): In-Scope Assets (FCI Assets) and Out-of-Scope Assets.
FCI Asset Definition: An asset is considered "In-Scope" for Level 1 if it processes, stores, or transmits Federal Contract Information (FCI). Since the company is building specialized parts under a DoD contract and using in-house staff and equipment for testing, the information related to that contract (the specifications, schedules, and test results) constitutes FCI.
The Level 1 Universe:
Level 1 does not use the complex sub-categories found in Level 2 scoping, such as "Specialized Assets" (OT/IoT/Test Equipment) or "Contractor Risk Managed Assets." Those distinctions are specific to CMMC Level 2 Scoping.
In a Level 1 environment, any piece of equipment or software that handles the contract's information is simply termed an FCI Asset, which falls under the broader umbrella of In-Scope Assets.
Why other options are incorrect:
Option A (CUI Asset): Level 1 is focused exclusively on FCI. CUI (Controlled Unclassified Information) is the focus of Level 2 and Level 3.
Option C (Specialized Asset) and Option D (Contractor Risk Managed Asset): These are specific scoping categories defined in the CMMC Level 2 Scoping Guidance. In Level 1, these categories do not exist; an asset either handles FCI (In-Scope) or it does not (Out-of-Scope).
Reference Documents:
CMMC Scoping Guidance, Level 1 (Version 2.0): Section 2.0 (CMMC Level 1 Asset Categories), which defines FCI Assets and Out-of-Scope Assets.
32 CFR Part 170 (CMMC Program Rule): Establishes the simplified scoping requirements for Level 1 self-assessments.
CMMC Level 1 Assessment Guide: Clarifies that the scope includes all "information systems" (including test equipment) used by the contractor to process, store, or transmit FCI.
