September 10, 2022

Managed Service Providers and CMMC (Do They Fit)

Managed IT Service Providers and CMMC

The new CMMC-AB has made it clear that Managed Service Providers (MSPs) and Managed Service Security Providers (MSSPs) are required to CMMC certify if they handle their defense customers’ CUI.

This is a major shift in the way MSPs and MSSPs will do business with the Department of Defense (DoD). In the past, service providers were only required to comply with NIST 800-171, but now they will need to be certified at one of five levels by an independent third-party assessor.

This change will have a major impact on the way MSPs and MSSPs operate and will require them to make significant changes to their security programs.

Level 3 is the highest level of certification and requires a comprehensive security program that includes all 17 domains of the CMMC. MSPs and MSSPs that are not already certified at this level will need to make substantial investments in order to meet the requirements.

However, given the importance of protecting CUI, it is likely that many service providers will find that the investment is worth it.

#managedservices #cmmc #coloradosprings

//Follow Us Today

Don’t forget to like, subscribe and comment on our channel. Subscribe today at

4925 N Union Blvd,
Colorado Springs, CO 80918

local: 719.355.2440
toll-free: 866.611.5207
support: 719.439.0599
fax: 719.355.3581