Skip to content

Shared Responsibility Matrix For CMMC 2.0

Download the Summit 7 Shared Responsibility Matrix here

Aerospace and Defense organizations supporting the Department of Defense (DoD) are moving to external services providers to satisfy current DoD requirements such as CMMC 2.0, NIST 800-171, and DFARS 7012. These suppliers are faced with critical decisions when it comes to outsourcing compliance because of industrial complexities and the potential lack of operational resources.

CMMC 2.0 requires contractors and those handling sensitive data (CUI/CDI/CTI/ITAR) on behalf of the DoD to define obligations and responsibilities when using external service providers for current compliance mandates. 
triangle copyA proper Shared Responsibility Matrix (SRM) is the #1 indicator of your likelihood to pass a CMMC assessment
triangle copyAn SRM is required for CMMC 2.0 compliance (by assumption and reference)
triangle copy An SRM provides assurance to both assessors and business owners

The goal of this guide is to equip readers with answers to the following questions:
checkmark_red What % of responsibility does my organization have if we're using external service providers for compliance?
checkmark_red What questions should I be asking my Managed Service Provider (MSP)?
checkmark_red Why am I required to have a Shared Responsibility Model / RACI Matrix for CMMC 2.0 compliance?
Key insights in this download:
  • The responsibility of external service providers and organizations seeking certification (OSCs) are clearly defined for successful completion of CMMC assessments

  • The Summit 7 team analyzed the 1,524 assessable objects listed NIST SP 800-171A to determine correct RACI assignments

  • This download highlights Summit 7 work packages that address large percentages of the assessment objectives defined in CMMC 2.0 and NIST 800-171

If you have any questions you can contact our team here.

*Please note: the version of the SRM you are downloading is not the complete version needed to successfully pass a CMMC assessment. This is a high-level summary of what Summit 7 MSP clients receive.

Download The SRM

Achieving CMMC 2.0 Compliance With The Shared Responsibility Model


2 Parade St NW
Huntsville, AL 35806