Am I required to use FedRAMP Moderate rated service providers?

less than 1 minute read

Yes, as a government contractor handling CUI, you are required to ensure that any cloud service provider (CSP) used to store, process, or transmit CUI meets FedRAMP Moderate security requirements or an equivalent standard. Failure to use authorized CSPs risks non-compliance with DFARS and CMMC Level 2, and may result in the loss of contract eligibility.

Reference: Table 4 to § 170.19(c)(2)(i)—ESP Scoping Requirements

Share on

X Facebook LinkedIn Bluesky

You don’t need a title to lead.

1 minute read

Here is something worth thinking about as a leader in your organization: every person on your team is already leading every single day. The question is just ...

Let’s get serious.

2 minute read

There’s a version of this story that nobody talks about at conferences. The IT manager who actually understands the problem, who has read the framework, who ...

Can we allow personal devices on our CUI network?

1 minute read

Here’s the thing about BYOD: it feels like a gift. Employees love it. Finance loves it. The IT department gets to stop managing a fleet of devices, and sudde...

What are Specialized Assets?

1 minute read

The scoping designation of “Specialized Asset” is reserved for specific categories of devices or systems that may handle CUI but cannot feasibly meet all sta...

Justin Sloan

Am I required to use FedRAMP Moderate rated service providers?

Share on

You may also enjoy

You don’t need a title to lead.

Let’s get serious.

Can we allow personal devices on our CUI network?

What are Specialized Assets?