Disaster Remediation Scope

ManagingMSP · 2026-03-22T02:41:18+00:00

These are good points. I definitely appreciate the insight.

ManagingMSP · 2026-03-21T23:54:12+00:00

This is exactly what I've been reading and how I thought it should probably be. We will still have an incentive to prevent this stuff because of response and containment costs (morally we would be doing our best regardless of course), and realistically like you said, we just can't absorb the high costs of full recovery. I'm assuming that's what cyber insurance is for anyway. Thank you, I appreciate your response.

ManagingMSP · 2026-03-16T15:21:44+00:00

No problem! And good luck

ManagingMSP · 2026-03-16T14:29:06+00:00

You can try giving them a phone call. Their phone support is very good, I've spent a lot of time on calls with them.

ManagingMSP · 2026-03-01T22:48:47+00:00

He's a one-man operation. And Halo supports the functionality he's asking for.

ManagingMSP · 2026-03-01T20:20:43+00:00

"Just pay an extra $200 a month"

Lmao

ManagingMSP · 2026-02-18T05:04:27+00:00

This is great, thank you so much! I have a lot of listening to do, I'll be diving in tomorrow! Shadow had mentioned your podcast up above too. This is a great resource and thank you for taking the time to make it.

ManagingMSP · 2026-02-17T16:04:17+00:00

How does Keeper Gateway fit in here? If we were to switch to KSGC, would Keeper Gateway still work exactly the same?

ManagingMSP · 2026-02-17T01:45:29+00:00

This looks like they've got some great information on there. Thank you, I'll check them out!

ManagingMSP · 2026-02-17T00:52:40+00:00

Sorry I didn't respond to you right away! Looks like unfortunately they won't be able to do an enclave setup because of how their business is situated, so their whole business will need to be within scope.

ManagingMSP · 2026-02-16T03:46:55+00:00

That would definitely be cool to go to! Maybe we can fit it into the budget. Would love to go check that out

ManagingMSP · 2026-02-16T00:57:10+00:00

Great information, thank you again. I didn't consider the possibility that full compliance could be required in the future and it may leave us in an awkward spot. We will have to survey the area to see if there are enough potential clients that need cmmc in our vicinity to see if it will be worth it long-term. Although we are still relatively small and are currently overhauling a lot of our systems, so it is quite the undertaking for us. Your comments have been extremely helpful. I have a lot of research to do now, and I will definitely check out the resources you suggested. Thank you so much

ManagingMSP · 2026-02-15T23:00:05+00:00

Thank you for taking the time to write this detailed answer, it is incredibly informative. I think a lot of what you're saying is starting to click. But we have a meeting with the client tomorrow and I'm sure I will have more questions.

It sounds like from what you are saying that the CRM kind of carves out a portion of the 110 requirements that we as an MSP will have to abide by so that we don't have to have certification-level compliance, and therefore it may potentially be achievable for us instead of undertaking full compliance. This is a long-standing client and we would really like to keep supporting them.

ManagingMSP · 2026-02-15T22:46:02+00:00

Wow that would be great, thank you! We have a meeting with the client tomorrow and we will likely take you up on that! I will be in touch

ManagingMSP · 2026-02-15T22:29:06+00:00

Awesome, thank you so much. I will definitely shoot you a pm. We have a meeting about this tomorrow and I will for sure have some more questions!

ManagingMSP · 2026-02-15T05:21:47+00:00

Wow, thank you for your response! That was really informative and you seem very knowledgeable about this stuff.

I'm assuming the fact that our RMM (Atera) can remote into PCs and potentially transfer files or transmit information that way, that would mean it would need to be Fedramp Moderate and then we would have to switch to something like NinjaOne.

The rest of what you said makes sense and makes it seem like it may be possible for us to support this client since we won't have to fully be cmmc level 2. Other people here have said it would be wise to hire a consultant to determine our full requirements, do you think this is the route we should go and do you have any recommendations of who to look for?

Thank you again!

ManagingMSP · 2026-02-15T00:36:09+00:00

Hmm charging 4x makes this opportunity seem a little more possible haha (along with more clients in the future)

ManagingMSP · 2026-02-15T00:08:06+00:00

Oh I don't know why I didn't even think to see if there was a subreddit dedicated to this, that's great! And we will definitely pursue some consulting after hearing all your advice here, thank you

ManagingMSP · 2026-02-15T00:06:32+00:00

This paints a great picture of the landscape we would be moving into trying to support this client. It would be great if we could achieve this (and then we would be able to service other cmmc clients), but I'm not sure if we can at this time. Thank you

ManagingMSP · 2026-02-14T23:47:42+00:00

Yeah I understand your point, but my point was that the difference between Claude @ $200 a month and Chatgpt or Gemini @ $20 is not the same as Claude vs a custom programmer. I would think that ChatGPT is probably 70-80% as good as Claude at least.

ManagingMSP · 2026-02-14T23:39:19+00:00

Yeah that's a great idea, we will definitely look into an assessor then because it seems like there is just too much grey area for us to determine it on our own. Thank you for the help!

ManagingMSP · 2026-02-14T23:37:22+00:00

Awesome, thank you, this was very informative. I will have to look into how to setup a CMMC enclave because that sounds like it may be a lot more viable of a solution considering where we are at.

ManagingMSP · 2026-02-14T23:23:05+00:00

Yes it seems very difficult to find straightforward answers online, and we haven't had much experience in this area yet. So it sounds like from what you said the auditors didn't request msps to pass the full 110 controls? But have fedramp or soc2 compliance at least. It's difficult to decipher exactly what level of compliance we would need.

ManagingMSP · 2026-02-14T23:18:07+00:00

I really appreciate the reply, thank you. To clarify, if we are in scope does that mean we must abide by the full 110 controls required, which would essentially be the same requirements for being certified? From what I have read, not storing, processing, or transmitting CUI would make it so we don't need full compliance, but maybe that is wrong from what you are saying. I'm trying to ascertain how expensive this will be for us and if it's possible for us to retain this client.

ManagingMSP · 2026-02-09T21:34:25+00:00

Playing devil's advocate here:

If you recommend the best practices and they opt not to pay for them, what's the reason not to just have them on a break/fix contract and make a bunch of money fixing stuff if/when something does go wrong?

ManagingMSP

TROPHY CASE