Skip to content

MSPs and CMMC / NIST 800-171 Compliance

Organizations using an MSP are required to have a Shared Responsibility Matrix for CMMC 2.0 and NIST 800-171

If you are using an MSP or MSSP for CMMC compliance, you are required to show an assessor a Shared Responsibility Matrix defining obligations and responsibilities for both your organization and the company that supports you.
Small and medium Aerospace and Defense organizations supporting the Department of Defense (DoD) are moving to external service providers to satisfy current DoD requirements such as CMMC 2.0, NIST 800-171, and DFARS 7012

CMMC 2.0 requires contractors and those handling sensitive data (CUI/CDI/CTI/ITAR) on behalf of the DoD to define obligations and responsibilities when using external service providers for current compliance mandates. 

The goal of this guide is to equip readers with answers to the following questions:
checkmark_red What % of responsibility does my organization have if we're using external service providers for compliance?
checkmark_red What questions should I be asking my Managed Service Provider (MSP)?
checkmark_red Why am I required to have a Shared Responsibility Model / RACI Matrix for CMMC 2.0 compliance?
triangle copyA proper Shared Responsibility Matrix (SRM) is the #1 indicator of your likelihood to pass a CMMC assessment
triangle copyAn SRM is required for CMMC 2.0 compliance (by assumption and reference)
triangle copy An SRM provides assurance to both assessors and business owners
Key insights in this download:
  • The responsibility of external service providers and organizations seeking certification (OSCs) are clearly defined for successful completion of CMMC assessments

  • The Summit 7 team analyzed the 1,524 assessable objects listed NIST SP 800-171A to determine correct RACI assignments

  • This download highlights Summit 7 work packages that address large percentages of the assessment objectives defined in CMMC 2.0 and NIST 800-171

If you have any questions you can contact our team here.

Achieving CMMC 2.0 Compliance With The Shared Responsibility Model


2 Parade St NW
Huntsville, AL 35806