Many organizations rely on cloud platforms, managed service providers, or SaaS tools that could affect the security of CUI. In this final session, we examine how to identify and document your External Service Providers (ESPs) and determine whether they are part of your CMMC assessment scope. You’ll learn how to define ESP responsibilities, document relationships, and support shared responsibility decisions in your SSP.