There a lot of confusion in the market about the Cybersecurity Maturity Model Certification (CMMC), particularly regarding what you or your customers need to do—or whether action is required at all—to meet specific compliance requirements. CMMC applies to MSPs and their small or medium business clients if they are specifically working within the Defense industry and/or handle specific types of information.
This document is intended to help shed some light on whether or not the CMMC applies to you and your clients, and if so, what you can do to comply. For a definitive assessment of your CMMC requirements and capabilities, we recommend engaging with a Certified Third-Party Assessor Organization (C3PAO).
