Cyber AB Certified CMMC Professional (CCP) Exam CMMC-CCP Question # 26 Topic 3 Discussion
CMMC-CCP Exam Topic 3 Question 26 Discussion:
Question #: 26
Topic #: 3
While determining the scope for a company's CMMC Level 1 Self-Assessment, the contract administrator includes the hosting providers that manage their IT infrastructure. Which asset type BEST describes the third-party organization?
When a company usesthird-party IT providersto manage their infrastructure, these organizations are classified asExternal Service Providers (ESPs)underCMMC scoping guidelines.
Step-by-Step Breakdown:✅1. What is an ESP?
External Service Providers (ESPs)arethird-party organizationsthat:
ProvideIT services, cloud hosting, and managed security solutions.
Process, store, or transmit FCI or CUIon behalf of a contractor.
Mustmeet the same security requirementsas the OSC if they handle FCI or CUI.
If a company relies ona hosting provider to manage IT infrastructure, that provider is anESPunderCMMC scoping guidelines.
✅2. Why the Other Answer Choices Are Incorrect:
(B) People❌
Incorrect:ESPs areorganizations, not individual people.
(C) Facilities❌
Incorrect:Facilities refer tophysical locationslike office buildings or data centers, not third-partyservice providers.
(D) Technology❌
Incorrect:While ESPs provide technology services, the correct term forthird-party IT providersunder CMMC isESPs, not just "Technology."
TheCMMC Level 1 Scoping GuidedefinesExternal Service Providers (ESPs)asthird-party organizations that manage IT infrastructure and security services.
Final Validation from CMMC Documentation:Thus, the correct answer is:
✅A. ESPs (External Service Providers).
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit