Article

AI and CUI: What CMMC Level 2 Assessors Look For

July 01, 2026

Defense contractors are adopting AI tools quickly. Microsoft 365 Copilot, ChatGPT, Claude, and similar assistants are being added to workflows that often touch contract data, and many organizations are doing so before considering how AI and CUI intersect within their CMMC assessment scope. The FY2026 National Defense Authorization Act, signed into law in December 2025, has already begun extending federal security requirements to AI, which makes this a timely question for any organization pursuing CMMC Level 2.

As a C3PAO, our role is to evaluate an environment against the standard, not to recommend or sell a particular cloud platform. With that in mind, this article explains how AI tools are assessed during a CMMC Level 2 assessment and where organizations most often encounter gaps.


How AI tools Enter the CMMC Assessment Scope

The relevant question in an assessment is not which AI product an organization has chosen, but whether that product interacts with handles Controlled Unclassified Information (CUI). CMMC scoping follows directly from how an organization handles CUI. Any asset that processes, stores, or transmits CUI is in scope and must appear in the asset inventory, the network diagram, and the System Security Plan.

An AI tool is an asset like any other. If Microsoft 365 Copilot can access a document library that contains CUI, it falls within scope. The same is true of an enterprise ChatGPT or Claude deployment connected to a repository where CUI resides, or of any assistant that can read a mailbox or a SharePoint site holding CUI. The assessment focuses on the data path: where a prompt goes, what the model can reach, and where its output is stored.


Where AI cloud hosting meets the CMMC requirement

That baseline is set by DFARS 252.204-7012, and it is FedRAMP Moderate, or its documented equivalent, not FedRAMP High as is sometimes assumed. To qualify as equivalent, a December 2023 DoW CIO memo requires that the cloud offering meet 100 percent of the Moderate controls, be assessed by a FedRAMP-recognized third-party assessor, and provide the contractor with a supporting body of evidence. A SOC 2 report alone does not satisfy this.

A higher bar applies in specific cases. When CUI includes export-controlled or ITAR data, or a contract limits access to US persons, GCC High is often the environment that meets the requirement, and many prime contractors require it for that reason. That is a legitimate basis for choosing GCC High, but it is distinct from assuming CUI always requires FedRAMP High.


A licensed AI platform is a starting point, not a conclusion

Selecting a platform that is capable of handling CUI is a reasonable foundation, but the license itself does not establish compliance. Whether the deployment is Microsoft 365 Copilot in a GCC High tenant, an enterprise ChatGPT or Claude instance, or an AI feature embedded in a tool already in use, an assessment evaluates how that tool is configured and operated.

The questions that typically determine the outcome include:

  • Is the AI tool documented in the SSP as a component that processes CUI, with its boundary clearly defined?
  • Does the asset inventory classify it correctly, consistent with the network diagram and data flow?
  • Are the relevant controls, such as sensitivity labels, data loss prevention policies, and conditional access, configured and operating rather than only licensed?
  • Can the organization show where prompts and outputs travel, and that access is restricted and logged?
  • Is there an AI use policy, and can the organization demonstrate that it is enforced through training and monitoring?

When a tool has been enabled without these elements in place, it commonly results in a gap during assessment.


Unsanctioned AI use is a common source of CUI risk

Even a well-configured environment does not address AI use that occurs outside the managed boundary. When an employee enters CUI into a personal ChatGPT account or a commercial AI assistant outside the boundary, that constitutes a spillage event, regardless of who owns the device. This kind of activity rarely appears in the technical architecture. It tends to surface through interviews, unapproved accounts, and undocumented workflows.

For this reason, AI readiness is not only a matter of tooling. It also depends on policy, training, and monitoring.


How CMMC requirements for AI are changing

There is also a practical reason to address AI governance sooner rather than later. The FY2026 National Defense Authorization Act, signed into law in December 2025, directs the Department of War (DoW) to develop a security framework for artificial intelligence and machine learning and to incorporate it into both the DFARS and the CMMC program, so that contractors developing, deploying, storing, or hosting AI for the DoW will be required to meet it (Section 1513). The same law prohibits contractors from using certain foreign-developed AI, including DeepSeek and its affiliated entities, in the performance of a DoW contract (Section 1532).

The specific requirements and timelines are still being developed, but the direction is clear. An AI program designed only against the current 110 security requirements will likely need revision once this framework is implemented. Building now around documented boundaries, controlled data paths, and approved tooling is consistent with both the current standard and what is anticipated.


The Bottom Line on AI and CUI

A mock assessment is designed to identify that gap in advance, with results that remain private to the organization. As a C3PAO, our role is to evaluate whether an environment meets the standard, not to recommend specific products or platforms. For organizations that have introduced AI ahead of their documentation, identifying those gaps early is well worth the effort.

Learn more about Mock Assessments