Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

NinjaOne: How MSPs Can Inherit CMMC Controls via FedRAMP

NinjaOne
07/10/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


inherit some of the controls that Ninja has. So, like, their FIPS encryption that they have, the boundary protection around the tools that they have, those types of things. I can inherit those in my SSP and say, okay, because they have their FedRAMP authorization, I can provide that as an example and the assessor will be like, okay, I'm not going to dig further because of the fact that they have that. And so that helps solve a lot of the technical controls around things like that. So, like, for when we put the agents on the client's machine for us to remote in, one of the challenges is obviously you want to make sure your remote access tool has a FIPS validated cryptography that's going to allow the remote access capabilities. And that's something that we leveraged through Ninja, which has been a huge help for us.

TL;DR

  • FedRAMP authorization is the only accreditation whose controls can be inherited during a CMMC assessment, reducing the technical burden on MSPs.
  • MSPs using NinjaOne can reference its FedRAMP status in their SSP, signaling to assessors that key controls like FIPS encryption are already satisfied.
  • Remote access tools must use FIPS-validated cryptography to meet CMMC requirements — NinjaOne's FedRAMP-backed tooling addresses this directly.

Summary

This short clip, drawn from a longer NinjaOne panel featuring MSP leaders from Executech and Axiom, highlights one of the most practical CMMC compliance advantages available to managed service providers: control inheritance through FedRAMP-authorized tooling. The speaker explains that FedRAMP authorization is the only accreditation whose controls can be directly inherited during the CMMC assessment process. Because NinjaOne holds FedRAMP authorization, MSP clients can reference that status in their System Security Plan (SSP) and expect assessors to accept it without requiring further technical scrutiny. Specific examples include FIPS-validated encryption and boundary protection — both critical requirements for DoD-adjacent environments. The speaker also addresses a common MSP challenge: ensuring that remote access agents deployed on client machines use FIPS-validated cryptography. NinjaOne's FedRAMP-backed remote access capability is cited as a direct solution to this requirement, reducing the compliance burden on the MSP and strengthening their overall CMMC posture. For MSPs pursuing or maintaining DoD contracts, this clip underscores the strategic value of selecting tools that carry FedRAMP authorization, as it can meaningfully reduce the scope and complexity of a CMMC assessment.

Chapters

0:00 - FedRAMP & Control Inheritance
0:16 - SSP Documentation & Assessors
0:32 - Remote Access & FIPS Requirements

Key Quotes

0:00 "... the only accreditation that can be inherited during your CMMC process."
0:05 "I can inherit some of the controls that Ninja has. So, like, their FIPS encryption that they have, the boundary protection around the tools that they have, those types of things."
0:16 "... because they have their FedRAMP authorization, I can provide that as an example and the assessor will be like, okay, I'm not going to dig further because of the fact that they have that."
0:41 "... you want to make sure your remote access tool has a FIPS validated cryptography that's going to allow the remote access capabilities. And that's something that we leveraged through Ninja, which has been a huge help for us."

FAQ

What does it mean to 'inherit' controls during a CMMC assessment?

Control inheritance means an MSP can reference a vendor's existing FedRAMP authorization in their System Security Plan to satisfy certain CMMC technical requirements — such as FIPS encryption or boundary protection — without needing to independently demonstrate compliance for those controls.

Why does FedRAMP matter specifically for CMMC compliance?

FedRAMP is the only accreditation recognized for control inheritance in the CMMC process. If an MSP's tooling holds FedRAMP authorization, assessors will generally accept that as evidence for the covered controls and will not dig further into those specific requirements.


Categories:
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Compliance & Governance
  • Security Operations
  • Getting Started
  • Best Practices
  • webinar_clip
  • CMMC compliance
  • FedRAMP authorization
  • control inheritance
  • FIPS-validated cryptography
  • MSP compliance strategy
  • remote access security
  • DoD contracts
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: NinjaOne: How MSPs Can Inherit CMMC Controls via FedRAMP

              Upcoming Webinar Calendar

              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Worthy Security Team for Unmatched Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-unmatched-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-safeguarding-ai-accessible-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies for Effective Data Privacy and Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection/
              • 07/22/2026
                01:00 PM
                07/22/2026
                Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                14

                Crafting a Championship-Worthy Security Team for Unmatched Defense

                07/14/202601:00 PM ET
                • Jul
                  14

                  Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data

                  07/14/202602:00 PM ET
                  • Jul
                    21

                    Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                    07/21/202604:00 AM ET
                    • Jul
                      22

                      Insights and Strategies for Effective Data Privacy and Protection

                      07/22/202606:30 AM ET
                      • Jul
                        22

                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                        07/22/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version