CISA Insights on Risk Considerations for Managed Service Provider Customers

The Cybersecurity and Infrastructure Security Agency (CISA) released a new Insights, Risk Considerations for Managed Service Provider Customers (MSPs), which provides a framework that government and private sector organizations (to include small and medium-sized businesses) outsourcing some level of IT support to MSPs can use to better mitigate against third-party risk. As CISA notes, IT managed services can provide cost benefits and operational efficiencies to many organizations. However, managing these services can be complex, costly, and time-consuming. This resource includes best practices and considerations from the National Institute of Standards and Technology and other authoritative sources and is geared towards the three main organizational groups that play a role in reducing overall risk: (1) senior executives and boards of directors; (2) procurement professionals and (3) network administrators, systems administrators, and front-line cybersecurity staff. CISA’s Insights are informed by U.S. intelligence and real-world events, with each Insight providing background information on cyber or physical threats to the nation’s critical infrastructure, as well as a ready-made set of mitigation activities that non-federal partners can implement. Access the Insights at CISA.