SIMS Cloud 4.0 Compliance FAQ

CSP (Cloud Service Provider)

AWS GovCloud is the CSP (Cloud Service Provider) for the SIMS application.

• CMMC requires that the customer’s CSP be FedRAMP certified (or equivalent) and that the customer’s MSP be certified at the same CMMC level as the customer.
• SIMS Cloud 4.0 is deployed within AWS GovCloud, which maintains FedRAMP High certification. The SIMS Cloud enclave within AWS GovCloud inherits some of the FedRAMP High controls from AWS, primarily relating to physical security.

MSP (Managed Service Provider)

SIMS Software is the MSP (Managed Service Provider) for the SIMS Cloud 4.0 environment, managing an enclave within Amazon AWS GovCloud on behalf of our customers. The SIMS Cloud 4.0 environment was built to meet CMMC 2.0 Level 2 requirements for handling CUI.

• Our responsibilities include managing the enclave infrastructure, while customers manage their application settings and data. We provide a shared responsibility matrix to define these roles.
• The SIMS Cloud 4.0 environment was awarded Final CMMC Level 2 certification on June 13, 2025 by C3PAO, StrategicIT Solutions LLC.

Per the CMMC guidelines how do you determine whether SIMS Software is defined as an MSP or CSP?

SIMS Software received confirmation from the DoD CIO, that according to the definitions in 32 CFR part 170, along with the details of our enclave infrastructure, SIMS Software is classified as a Managed Service Provider, managing a third-party cloud service on behalf of an OSA (Organization Seeking Assessment).