The CMMC CRM Acquisition Playbook

I spent a Monday getting the same document from two cloud service providers. AWS took five minutes and a command-line PDF extraction tool. Google took eight hours, two simultaneous support chats, an LLM-drafted support ticket, an escalation sherpa, and a tripartite NDA structure whose existence is unknown to Google’s own frontline support.

Both vendors publish a CMMC Customer Responsibility Matrix — the spreadsheet that maps NIST 800-171 controls to inherited, shared, or customer responsibility. Both are legally required to provide it. The experience of obtaining them could not be more different.

The golden god and the locksmith

AWS Artifact is a self-serve temple. You log in, you click, you download. I walked out of that temple feeling like a golden god.

Then I looked at what I’d downloaded. Two pages. The CRM maps every AWS service against 110 CMMC controls — inherited, shared, or customer responsibility for each one. That doesn’t fit in two pages. Did I download the wrong thing? Back to the Artifact temple: no, that was it. AWS delivers the CRM as an XLSX embedded inside a PDF portfolio — a delivery format I have never seen in my life. The two-page PDF is a wrapper. The actual spreadsheet is attached inside it, invisible unless your PDF reader supports portfolio attachments. PDF Expert showed me the attachment existed but couldn’t extract it. I ended up using pdfdetach, a poppler command-line tool, to pull it out.

pdfdetach -saveall aws-nist-800-171-cmmc-crm.pdf

Out came six sheets: disclaimer, instructions, CIS reference, CMMC CRM for commercial US regions, CMMC CRM for GovCloud, and a supplemental mapping. The golden god still had to bring a locksmith. But it took five minutes, and nobody asked me to sign anything.

The eight-hour chatops chasm

Google’s published CMMC Level 2 Configuration Guide — 174 pages, publicly downloadable — references the CRM on page 9. It says to “reach out to your Google Workspace customer representative and request the CRM.” So I did.

My first chat agent, Satyam, lasted thirty seconds before punting: “a specialist intervention is required to calibrate this.” He never tried.

Cymon, the specialist, was the real adversary. He opened with a flat denial: “there is no specific CRM that can be found directly from Google Workspace accounts.” I quoted page 9 of Google’s own guide back at him. I told him explicitly: I’m not asking you to find it in my account. You have it. I want you to give me a copy.

He pivoted to Google Cloud. “This should be coming from the Google Cloud team.” We have zero infrastructure in Google Cloud. This is a Workspace CRM. I pushed back. He retreated to a different deflection: “as long as you have the Assured Controls add-on.” We do — have for a year. (My GovCloud demo tenant is literally named “Adequate Controls.” The naming gods were having a day.) I said great, tell me the steps. He went on a long hold and came back with the same wrong answer, delivered with more confidence: “this matter should be handled by the Google Cloud platform.”

I gave up on him gracefully and opened a second chat with Google Cloud directly — not because Cymon transferred me, but because I wasn’t letting him off the hook yet. The Google Cloud contact form connected me to Jitesh, who sent a sales letter. Two simultaneous chats, both failing in different directions, neither aware of the other.

Prompt engineering for meat-based agents

This section starts with bananas. Stay with me.

A few weeks earlier, I ordered bananas from Target — their delivery service, the one they absorbed when they bought Shipt. The shopper brought me plantains. Not a different variety of banana — plantains, the starchy cooking fruit that looks like a banana the way a serval looks like a house cat. I reordered. This time I got actual bananas, but they arrived so green and hard they outlived two batches of avocados on my counter. I tried every home-ripening trick — paper bags, proximity to apples, patience. Nothing. Two weeks later I had the same bananas, unchanged, like produce from a parallel universe where entropy doesn’t apply.

I asked ChatGPT what to try next. Not for shopping advice — I just wanted to know why these specific bananas were immortal. When I mentioned the plantain incident — which might have been a Kroger order via Instacart, I use both — ChatGPT explained what was happening. Gig shoppers are optimizing for a single metric: not getting blamed. “Bananas” with no further instruction translates to “grab the greenest, firmest, least-complainable fruit in the store.” An item that looks underripe generates no complaints. An item that arrives bruised does. The shopper’s incentive function produces immortal bananas by design — and in the store, the plantains sit right next to the bananas, often unlabeled — stores don’t always do the best job of keeping produce correctly signed. A shopper without banana-vs-plantain domain knowledge grabs the first thing in the right area that matches the general shape.

ChatGPT framed gig shoppers as “human APIs with poor defaults.” It proposed treating the problem like prompt refinement: override the defaults explicitly — request yellow bananas with a few brown spots, something that would never have occurred to me because banana selection is unspoken folklore that needs no words until a stranger is picking them for you. Define failure conditions (“do not substitute plantains”). Provide clear fallback behavior (“if unavailable, message me”). Three clauses — desired state, failure conditions, fallback — and the agent goes from autopilot to satisfying actual criteria.

Google Workspace chat agents are the same archetype. Untrusted agents with misaligned incentives, no domain knowledge of the CRM release process, optimizing for “close the chat” rather than “fulfill the request.” The plantains-for-bananas swap is the same shape as “ask Google Cloud” for a Google Workspace document — a confident substitution by someone who doesn’t know the difference.

So I wrote a human prompt — Claude drafted, ChatGPT refined — that preempts every deflection failure mode I’d catalogued across eight hours:

• State the exact deliverable in the first two lines
• Quote their own documentation back at them, by page number
• Define exactly two acceptable outcomes: provide the CRM, or escalate and provide the case number
• Enumerate the specific wrong answers and say “do not do these”
• Define success operationally, so there’s no ambiguity about resolution

The three-clause template from the banana problem applies directly: desired state, failure conditions, clear fallback. Whether the agent is picking fruit or routing compliance requests, the structure is identical.

I filed this as an async email support ticket. Chat was a dead end, and not just because the agents didn’t know the answer.

Chat support optimizes for rapid response latency, queue throughput, and concurrent handling of multiple humans at once. Workflow designers force chat agents to juggle several conversations simultaneously. That environment rewards deflection, partial answers, and progress theater — an agent can keep many conversations alive by moving you somewhere else, asking one more question, or pasting a vaguely related snippet. A bad non-answer evaporates into chat sludge.

Email changes the incentive structure. A ticket sits there as a discrete object. It can be reassigned, escalated, annotated, and reopened. A bad non-answer becomes part of the case history instead of disappearing. The agent has to open the email, figure out what to do, and respond fully before turning to the next ticket. Even if the underlying org is still chaotic, email naturally demands a more durable artifact: what is being requested, what was tried, who owns it, what the next action is.

I wasn’t failing to communicate in those chat sessions. I was trapped in a medium whose economics reward not-resolving. The human prompt I wrote was designed to create a clean object inside their system — something an internal adult could grab and route correctly. Chat couldn’t be that object. A ticket could.

The escalation sherpa

Google’s support interface includes an “Escalate” button. I pressed it. The system assigned a dedicated human — an escalation manager named Lourdes — to shepherd my case through the internal routing. Within hours, the case had been transferred three times and landed with Google’s Data Protection team.

The Data Protection team responded clearly, professionally, and with exactly the process I needed. They have the CRM. They will release it. But first, a structure.

The three-headed cerberus

Google’s CRM release process is a tripartite legal self-prebinding structure:

1. Agree to the terms that allow them to send you the NDA
2. Sign the actual NDA
3. Receive the CRM under its confidentiality provisions

Each layer gates the next. The structure is never exposed to frontline support. Chat agents are not trusted with the knowledge that this process exists or how to trigger it on behalf of customers. Cymon couldn’t help me because he genuinely didn’t know the path existed — not because he was lazy, but because Google’s internal information architecture doesn’t extend to the people who answer the phone.

The name of the team tells you everything. Google’s “Data Protection team” exists to protect Google’s data from competitors. That’s their job, and they’re good at it — the tripartite NDA structure is well-designed gatekeeping. But the CRM isn’t trade secrets or source code. It’s a document that maps shared security responsibilities between Google and its customers, required by a federal compliance framework, and required to be shared not just with us but with our auditors. This should be a customer deliverable. AWS frames theirs that way — baroque packaging, but no gatekeeping. Google frames theirs as confidential information that could damage them if mishandled. Same compliance obligation, same class of document, and the difference in framing is the original sin that produced the eight-hour obstacle course.

The reconnaissance theory

I should be fair about what happened. Google Workspace support handles password resets, billing questions, admin console configuration — a huge surface area serving millions of customers. I walked in with an ultra-narrow niche request that has approximately zero precedent in living memory. A CMMC Customer Responsibility Matrix? For a compliance framework that most Workspace customers have never heard of? The agents weren’t incompetent. They were fielding a request from a universe so tiny it doesn’t appear in their training, their scripts, or their internal documentation. Of course they didn’t know.

And the eight hours of chat weren’t wasted. They were reconnaissance. I couldn’t have written the human prompt without first cataloguing the failure modes live — the flat denial, the wrong-division redirect, the prerequisite check for something already enabled. Each failure taught me what to preempt in the email ticket. The chat sessions produced the taxonomy that made the async approach work.

The thing that finally worked was switching channels entirely — from real-time chat where agents optimize for closure, to async email where the paper trail has weight, combined with the escalation button that assigns a human sherpa to protect the case through internal routing. Once the case reached the Data Protection team, the interaction was clear, professional, and fast. The obstacle was never the people. It was the distance between the front door and the room where the document lives.

Neither vendor is wrong about how they handle this. AWS built a Rube Goldberg delivery mechanism — a PDF portfolio containing an XLSX that requires command-line extraction. Google built a Kafka-esque bureaucratic fortress where the compliance document is guarded by a tripartite NDA whose existence is unknown to frontline support. Both protect the same class of legally-required document. One cost five minutes and pdfdetach. The other cost eight hours, two LLMs, an escalation manager, and a three-layer legal prebinding structure.

A staff engineer who needs both documents for a compliance package should budget accordingly. We’re not Microsoft customers, but our CMMC advisor tells me their process is just as bad. Three vendors, three obstacle courses, one compliance framework. Good luck out there.