Scope defines which systems, assets, interfaces, lifecycle phases, and organisational responsibilities are included in your cybersecurity engineering boundary. If scope is unclear, requirements and evidence become inconsistent.