HomeCMMC FAQsAssessments
Assessments — Official DoD FAQ

Does My Company Need a Specific CAGE Code for Each Location to Comply with CMMC?

💼
Confused about CMMC scoping and identifiers? Jun Cyber can help you define your assessment boundary correctly.
Schedule Free Consultation
Official DoD Answer
Source Source: DoD CIO CMMC FAQs v5 (C-Q5)

No, a specific CAGE code for each location is not required. An existing CAGE code within the company's hierarchy may be used to submit the appropriate assessment identified by the CMMC Unique Identifier (UID). The CMMC Assessment Boundary scope is documented in the System Security Plan and network diagrams.

In-Depth Analysis

CAGE Codes and CMMC: Simplified

You do not need a separate CAGE code for every physical location to comply with CMMC. The key identifier for CMMC is the CMMC Unique Identifier (UID), not the CAGE code.

How CMMC UIDs Work

The CMMC UID identifies a specific assessment boundary — the set of systems, networks, and processes covered by your CMMC assessment. Your System Security Plan (SSP) and network diagrams define what's included in this boundary.

CAGE Code Roles

CAGE codes serve specific purposes in the CMMC ecosystem:

  • SPRS access control: CAGE codes (including Highest-Level Owner) enforce who can access assessment data
  • Annual affirmations: Submitted using your CAGE code hierarchy
  • Metrics: DoD uses CAGE codes for program-level analytics

Important Note

Any information systems not represented by the CMMC UID(s) provided in a solicitation response are considered non-compliant and cannot be used to process, store, or transmit FCI or CUI for that contract. Make sure your assessment scope covers all systems you'll use.

Have More Questions?

ChatCMMC can answer detailed questions about CMMC compliance, NIST 800-171 controls, assessment preparation, and more — powered by official DoD documentation.

Ask ChatCMMC →

Get Your Free CMMC Readiness Assessment

Find out where your organization stands and what steps you need to take. Jun Cyber's CMMC experts are here to help.

By submitting, you agree to be contacted by Jun Cyber. No spam, ever.

Related Questions

You Might Also Want to Know

Assessments

Are CMMC Assessment Results Made Public?

 Assessments

How Do I Fix SPRS Errors for My CMMC Self-Assessment?

 Assessments

Does a Joint Venture Need Its Own CMMC Status?
Jun Cyber

Ready to Start Your CMMC Journey?

Jun Cyber helps defense contractors navigate CMMC compliance with confidence. From gap assessments to certification readiness — we've got you covered.

📅 Schedule a Consultation Learn About CMMC Select →