GRC Platform and FedRAMP Authorized / CMMC L2+ Requirements

old.reddit.com / @/u/MSP-Southern, https://old.reddit.com/user/MSP-Southern

I apologize if this question has been previously answered in this sub. If it has, please direct me to the relevant discussion.

One of our clients is seeking our assistance in sourcing a GRC platform. I am trying to determine whether the vendor needs to meet CMMC certification, ATO, and/or FedRAMP Authorization. I believe they do, but two vendors I consulted said no, stating that their tool meets CMMC requirements by being hosted in a GovCloud/GCC High facility.

Our client will be storing partial CUI on the platform, including their ISMS, SOPs, policies, evidence, configurations, data flow diagrams, SSP, etc.

Any guidance would be greatly appreciated.

submitted by /u/MSP-Southern

published about 1 month ago