Send us a text

🌟 Just listened to another insightful episode of the CMMC News podcast, where the hosts take a deep dive into the complexities of CMMC, focusing on ESPs, SPAs, and VDIs. Here's what stood out to me:

🔍 Key Takeaways:

• Scoping ESPs in CMMC: The involvement of External Service Providers in the CMMC assessment depends largely on their interaction with Controlled Unclassified Information (CUI) and whether they are a Cloud Service Provider. Non-cloud ESPs processing CUI make the whole service part of your CMMC scope.
• VDI Configurations Simplifying Scope: A properly configured Virtual Desktop Infrastructure can simplify CMMC scope by ensuring that local endpoint devices remain out of scope. This requires strict configurations to prevent local processing or storage of CUI.
• CRMAs vs. Specialized Assets: Understanding the difference between Contractor Risk Managed Assets (CRMAs) and specialized assets is crucial. While CRMAs can share networks with CUI processing assets without handling CUI, specialized assets often can't meet all security requirements due to their nature.

🎧 If you're navigating the CMMC landscape, definitely give this episode a listen for more practical insights!
For the official CMMC documentation, click this link: https://dodcio.defense.gov/cmmc/Resources-Documentation/

#CMMC #CyberSecurity #DevSecLead #VDI #ESPs #Compliance

Support the show