Webinar On Demand: What are Specialized Assets

Webinar On Demand: What are Specialized Assets
In this webinar, Robert McVay, Senior Consultant at Smithers, discusses the role of specialized assets in the Cybersecurity Maturity Model Certification (CMMC) and how they impact NIST SP 800-171 compliance. With the CMMC rule expected to finalize by late 2024, defense contractors must prepare now—especially regarding the categorization and treatment of specialized systems.
Key Points:
  • Current Landscape: The CMMC proposed rule was released in December 2023, with full implementation anticipated in FY2025. For now, assessments will remain based on NIST SP 800-171 Rev. 2.
  • Four Asset Categories: CMMC distinguishes assets as CUI assets, security protection assets, contractor risk-managed assets, and specialized assets—the latter requiring particular attention.
  • Specialized Asset Types:
    • Government-Furnished Equipment
    • IoT/IIoT Devices
    • Operational Technology (OT) such as CNC machines and PLCs
    • Restricted Information Systems configured per government specs
    • Test Equipment used in quality assurance and validation
  • Key Requirements: Specialized assets must be inventoried, documented in the system security plan, and scoped properly in your CMMC assessment. They must also be evaluated against NIST 800-171 Rev. 2 control 3.12.4.
  • Risk Management Recommendations:
    • Minimize or eliminate CUI use on specialized assets
    • Restrict access and isolate systems (physically or logically)
    • Clearly define what is and isn’t in scope to avoid overextending the assessment boundary
  • CUI Identification: Contractors should scrutinize contracts for DFARS clauses like 252.204-7012, 7019, 7020, 7021, and 7024. When in doubt, ask your contracting officer and document their guidance in writing.
Specialized assets are not out of scope—they must be managed thoughtfully to ensure compliance while maintaining operational efficiency. Organizations are encouraged to engage early with their C3PAO to define asset boundaries and reduce compliance risk.

For questions or support, attendees were encouraged to contact us today. 

Latest Resources

See all resources