Zero Trust and CMMC: Selecting a Service Provider (M01d)
With the CMMC final rule excluding Security Protection Data (SPDs) from service provider requirements, many Defense Industrial Base (DIB) companies face challenges in managing their service provider partnerships. This talk emphasizes the importance of treating these partnerships with zero trust, ensuring all service provider controls are covered during assessments. Topics include:
Validating service provider compliance
Understanding when external service providers (ESPs) qualify as Cloud Service Providers (CSPs)
Ensuring FedRAMP Authorization to Operate (ATO) or equivalency when applicable