Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

News

December 6, 2021 |

MSPs Must Comply with CMMC

Now that new guidance from the DoD makes that clear, will MSPs run and hide, or achieve compliance to earn bigger profits?

On December 3, 2021, the Department of Defense (DoD) released the long-awaited scoping guidance for CMMC 2.0, the newly announced revision to the original CMMC model. If you have even one defense contractor client that must comply with CMMC at any level, your managed service provider business will be part of their assessment.

You can choose to run and hide from defense contractors, or comply with CMMC and reduce the number of competitors you will face, while establishing very sticky relationships with clients.

What’s in the Guidance

The new guidance, both for end-user self-assessments and independent assessments for certification, lists security tools and vendors (including MSPs and cloud services) within the assessment scope.

The DoD defines External Service Provider (ESP) as “External people, technology, or facilities that the organization uses, including cloud services, co-located data centers, hosting providers, and managed security service providers.”

The DoD also talks about “Security Protection Assets” and provides examples:

What This Means for You

The new guidance means that your MSP business will need to implement a compliance program aligned with the NIST SP 800-171 framework consisting of 110 cybersecurity practices.

It is likely you will need to change the way you implement cybersecurity by:

  • Using government versions of communications and data storage tools.
  • Ensuring your vendors are compliant, including protecting production data and backups with FIPS 140-2 certified encryption.
  • Always having current documentation validating your compliance.

If your clients only process, store, or transmit Federal Contract Information (FCI), you will need to validate your compliance with CMMC 2.0 Level 1. However, if you have even one client that processes, stores, or transmits Controlled Unclassified Information (CUI), you will need to meet the requirements for CMMC 2.0 Level 2, and implement all 110 practices in NIST SP 800-171.

Some defense contractors will have to comply with CMMC 2.0 Level 3, requiring additional protection against advanced persistent threats.

The assessment guides – expected to be released in mid-December – will provide more guidance to help you prepare for your assessment.

The new scoping guidance definitively answers the question about MSPs having to comply with CMMC. Compliance is achievable and can result in bigger profits if you can show you are a trusted authority and have differentiated your company from MSPs who continue to think that cybersecurity and compliance are the same.


MIKE SEMEL is a former MSP and founder of Semel Consulting, which provides advisory services to MSPs and end users for compliance, cybersecurity, and business continuity planning. He worked with CompTIA to develop its Security Trustmark Plus, and with RapidFire Tools to create Compliance Manager GRC.


Editor’s Choice

MSP360 Bolsters Managed Backup Solution With Full Sharepoint Backup and Restore, Object Lock, and More

March 25, 2024 |

MSP360 CEO Brian Helwig details the latest improvements in its managed backup solutions and teases some new opportunities down the road for its partners in an exclusive ChannelPro interview.

Peer to Peer: Aurora’s Philip de Souza shares his secrets to creating a successful MSSP

March 19, 2024 | Philip de Souza

“It’s important that we understand when it comes to this whole MSP world that it’s all about the customer.”

Evolving State AI Regulations: Best Practices for Mitigating Risk

March 14, 2024 | Anurag Lal

While AI technologies can unlock tremendous business value, they also have potential risks.


Related News

Growing the MSP

Explore ChannelPro

Events

Reach Our Audience