The recent notice of proposed rulemaking for the Cybersecurity Maturity Model Certification (CMMC) program made one thing for certain: the U.S. Department of Defense is serious about external service provider (ESP) security. Under the proposed regulation, U.S. defense contractors will need to pay close attention to their Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) who qualify as ESPs to ensure they also ach...