Security Protection Assets – When CMMC and FedRAMP Are not Enough (L01c)
Organizations Seeking Certification (OSCs) that utilize MSP or MSSPs that implement and manage security protection assets will be in scope of a CMMC L2 Assessment. There is considerable debate on what this means and how it can/will impact an assessment. Some call for the MSP/MSSP to become Level 2 certified, some think its FedRAMP but to date nobody is highlighting the devil in the details. In this session audience members will have the following takeaways:
1) Clear understanding about if your MSP/MSSP will be in scope.
2) Learn what to insist upon for a Service Level Agreement or Terms & Conditions.
3) Learn how to demonstrate Inheritance with SSP Supplemental narratives