))
Understanding How ESPs Fit into Your CMMC Assessment Puzzle
Manage episode 471847677 series 3578015
Content provided by Wilson Bautista Jr.. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Wilson Bautista Jr. or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
π Just listened to another insightful episode of the CMMC News podcast, where the hosts take a deep dive into the complexities of CMMC, focusing on ESPs, SPAs, and VDIs. Here's what stood out to me:
π Key Takeaways:
- Scoping ESPs in CMMC: The involvement of External Service Providers in the CMMC assessment depends largely on their interaction with Controlled Unclassified Information (CUI) and whether they are a Cloud Service Provider. Non-cloud ESPs processing CUI make the whole service part of your CMMC scope.
- VDI Configurations Simplifying Scope: A properly configured Virtual Desktop Infrastructure can simplify CMMC scope by ensuring that local endpoint devices remain out of scope. This requires strict configurations to prevent local processing or storage of CUI.
- CRMAs vs. Specialized Assets: Understanding the difference between Contractor Risk Managed Assets (CRMAs) and specialized assets is crucial. While CRMAs can share networks with CUI processing assets without handling CUI, specialized assets often can't meet all security requirements due to their nature.
π§ If you're navigating the CMMC landscape, definitely give this episode a listen for more practical insights!
For the official CMMC documentation, click this link: https://dodcio.defense.gov/cmmc/Resources-Documentation/
#CMMC #CyberSecurity #DevSecLead #VDI #ESPs #Compliance
20 episodes
Share
