Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Play next
AI Governance Hurdles in Defense: Jason Tierney Examines CMMC Barriers for MSPs image

AI Governance Hurdles in Defense: Jason Tierney Examines CMMC Barriers for MSPs

E1975 · Business of Tech
Avatar
0 Plays3 days ago

The episode details a tightening regulatory environment driven by new enforcement timelines for Cybersecurity Maturity Model Certification (CMMC), altering how MSPs and IT service providers are expected to deliver both compliance and operational services for U.S. defense contractors. Structural pressure stems from the Department of Defense making CMMC Level 2 compliance a contractual mandate for approximately 300,000 defense contractors, shifting risk and accountability towards providers who manage compliance workflows, technical environments, and client behaviors. C3 Integrated Solutions and their dual CMMC Level 2 certifications exemplify this transition, with clear implications for co-ownership of compliance outcomes and increased scrutiny on provider practices.

The most consequential development is the substantial gap between compliance requirements and the current readiness of the defense contractor base. As of early 2026, only around 8% of contractors have obtained CMMC Level 2 certification, despite enforcement being implemented in contracts starting in November of the same year, according to Dave and Jason. Challenges arise from cost, organizational bandwidth, and complexity, with MSPs serving as pivotal partners to small subcontractors lacking in-house resources for process documentation and change management. Assessment scheduling bottlenecks and insufficient documentation are delaying certifications, increasing risk that many contractors and their service partners will miss the rapidly approaching deadlines.

Related developments reinforce the central issue of operational risk and governance complexity. Jason Tierney illustrates the difference between technical compliance and true assessment readiness, citing real-world examples where insufficient evidence and poor understanding of process details lead to significant assessment delays. The rise of compliance-as-a-service offerings, enclave computing environments, and specialized governance tooling are attempts to address those gaps, but also introduce new layers of pricing, platform selection, and accountability concerns, especially when third-party tools fail to meet strict requirements such as FedRAMP moderate for handling sensitive data.

For MSPs and IT leaders, the shift imposes higher barriers to entry, increased legal and contractual exposure, more rigorous documentation and process controls, and the need for customized delivery models that support both technical defenses and organizational behavior change. Providers must navigate conflicting requirements between specialized regulatory environments and multi-tenant tooling, manage escalating costs for both themselves and clients, and clarify responsibility boundaries in shared compliance scenarios. The requirement for human oversight—particularly in automated or AI-assisted compliance tooling—remains non-negotiable, reflecting the ongoing gap between technical implementation and credible assessment outcomes.

Supported by:
CometBackup
Moovila
HaloPSA

 

💼 All Our Sponsors

Support the vendors who support the show:

👉 https://businessof.tech/sponsors/

 

🚀 Join Business of Tech Plus

Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.

👉 https://businessof.tech/plus

 

🎧 Subscribe to the Business of Tech

Want the show on your favorite podcast app or prefer the written versions of each story?

📲 https://www.businessof.tech/subscribe

 

📰 Story Links

Recommended
Governance, Not Enablement: Why Agentic AI Demands New MSP Service Models image
Governance, Not Enablement: Why Agentic AI Demands New MSP Service Models
E1978 · Business of Tech
00:15:52·18 hours ago
AI Liability and Data Risk Shifts: Veeam’s Platform Pivot and Rich Freeman on MSP Readiness image
AI Liability and Data Risk Shifts: Veeam’s Platform Pivot and Rich Freeman on MSP Readiness
E1977 · Business of Tech
00:40:07·1 day ago
Structured Vendor Programs Increase Operational Load for MSPs image
Structured Vendor Programs Increase Operational Load for MSPs
E1976 · Business of Tech
00:15:23·2 days ago
Google Redesigns Search: Automation Control Emerges as Core MSP Responsibility image
Google Redesigns Search: Automation Control Emerges as Core MSP Responsibility
E1974 · Business of Tech
00:13:42·7 days ago
Security Proof Becomes an MSP Service: Insurance, Trustmarks, and the Evidence Operating Model image
Security Proof Becomes an MSP Service: Insurance, Trustmarks, and the Evidence Operating Model
E1973 · Business of Tech
00:14:04·9 days ago
Vendor-Integrated AI Increases Liability Exposure for MSPs Managing Client Systems image
Vendor-Integrated AI Increases Liability Exposure for MSPs Managing Client Systems
E1971 · Business of Tech
00:14:54·10 days ago
Chad Gaydos on AI Moving Procurement from Record-Keeping to Automated Decision Execution image
Chad Gaydos on AI Moving Procurement from Record-Keeping to Automated Decision Execution
E1972 · Business of Tech
00:22:11·11 days ago
AI Integration Into PSA and Security Platforms Forces New Governance Demands on MSPs image
AI Integration Into PSA and Security Platforms Forces New Governance Demands on MSPs
E1970 · Business of Tech
00:11:53·14 days ago
AI Accelerates Exploit Creation and Evidence Burden for MSPs, Says Google and Proofpoint image
AI Accelerates Exploit Creation and Evidence Burden for MSPs, Says Google and Proofpoint
E1969 · Business of Tech
00:14:26·16 days ago
AI Agents Create New Accountability Risks for MSPs Managing Cloud Environments image
AI Agents Create New Accountability Risks for MSPs Managing Cloud Environments
E1968 · Business of Tech
00:14:56·17 days ago
New AI Metering Forces MSPs to Rethink Contracts and Prove Control Over Usage image
New AI Metering Forces MSPs to Rethink Contracts and Prove Control Over Usage
E1967 · Business of Tech
00:14:22·18 days ago
Consumption-Based AI Shifts MSP Role from Access to Governance and Cost Control image
Consumption-Based AI Shifts MSP Role from Access to Governance and Cost Control
E1966 · Business of Tech
00:13:13·21 days ago
Jessica Davis on AI-Driven Pricing: How Microsoft and Kaseya Are Pressuring MSP Margins image
Jessica Davis on AI-Driven Pricing: How Microsoft and Kaseya Are Pressuring MSP Margins
E1965 · Business of Tech
00:41:43·22 days ago
Shadow AI Shifts MSP Role: From AI Access to Proving Control and Recovery image
Shadow AI Shifts MSP Role: From AI Access to Proving Control and Recovery
E1964 · Business of Tech
00:12:51·23 days ago
When Agents Can Buy and Provision: The Shift from Automation to Enforced Governance image
When Agents Can Buy and Provision: The Shift from Automation to Enforced Governance
E1963 · Business of Tech
00:13:28·24 days ago
Microsoft and AWS Shift MSPs Toward Metered AI Pricing and Governance Exposure image
Microsoft and AWS Shift MSPs Toward Metered AI Pricing and Governance Exposure
E1962 · Business of Tech
00:15:46·25 days ago
Microsoft and Federal Agencies Shift Security from Best Effort to Verified Service Operation image
Microsoft and Federal Agencies Shift Security from Best Effort to Verified Service Operation
E1961 · Business of Tech
00:14:54·28 days ago
AI Automation Shifts MSPs from Per-Seat Pricing to Variable, Metered Cost Models image
AI Automation Shifts MSPs from Per-Seat Pricing to Variable, Metered Cost Models
E1960 · Business of Tech
00:15:47·29 days ago
OpenAI and Deepseek Drive AI Costs Up, Forcing MSPs to Rethink Pricing Models image
OpenAI and Deepseek Drive AI Costs Up, Forcing MSPs to Rethink Pricing Models
E1959 · Business of Tech
00:11:48·1 month ago
AI Moves to Metered Utility: Microsoft, Cisco, and the Demand for Explicit Governance image
AI Moves to Metered Utility: Microsoft, Cisco, and the Demand for Explicit Governance
E1958 · Business of Tech
00:14:12·1 month ago