CMMCDocs.comHome / Glossary / Data Flow Diagram
Data Flow Diagram
Also known as: DFD
A diagram showing how Controlled Unclassified Information moves through the contractor's environment. A required component of the SSP and assessment package.
A data flow diagram (DFD) is a visual representation of how Controlled Unclassified Information enters, moves through, is processed by, is stored within, and exits the contractor's environment. It is a required artifact for any CMMC Level 2 assessment.
A defensible CUI data flow diagram identifies: the entry points (where CUI comes in), the storage locations, the processing systems, the people and roles that touch CUI, the protective controls at each transition, and the exit points.
A C3PAO will use the DFD to validate scoping during the assessment. A wrong or outdated DFD almost always leads to a finding.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account