CMMCDocs.comESP
Also known as: External Service Provider
External Service Provider — any third party (cloud provider, MSP, MDR, SaaS vendor) that touches the contractor's in-scope environment.
An External Service Provider (ESP) is any third-party organization that provides services touching the contractor's in-scope CMMC environment — whether by processing CUI, hosting infrastructure, providing security functions, or managing systems. Common ESPs include cloud providers (Microsoft 365, AWS, Azure), managed service providers (MSPs), managed detection and response (MDR) services, identity providers, backup providers, and SaaS applications.
Under CMMC Level 2, every ESP touching the in-scope environment must be analyzed in the contractor's shared responsibility matrix. The contractor remains accountable for the requirements that apply to the services the ESP provides.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account