-
Against the Practice of MSP/MSSP using non-FedRAMP services in support of CMMC Organizations Seeking Assessment (OSA)
POSITION PAPER April 2026 Executive Overview Managed Service Providers and Managed Security Service Providers routinely operate multi-tenant platforms on behalf of defense contractors undergoing CMMC Level 2 assessment. These platforms — help desks, RMM tools, SIEM/SOC dashboards, ticketing systems, managed EDR consoles, backup management portals, and others — frequently provide operational or administrative access to…
