My Thoughts on the CISA MSP Advisory

About MSPAlliance

Founded in 2000, MSPAlliance is the world’s largest community for managed service providers. Free membership gives you access to resources, research, and certification programs that help you build a mature, compliant, and trusted MSP business.

CISA published their advisory bulletin addressing risk considerations for organizations thinking about using managed service providers. This is a great advisory, but it has some areas of potential misinterpretation in it, chiefly because CISA has departed from a security group and expanded into territory in which it has little experience.

Highlights:

What if organizations stopped using MSPs?
Yes, all customers ought to be responsible and consider risks of outsourcing. But, risks of not managing IT are far greater than the risks of outsourcing
Targeting of managed services supply chain vendors is NOT a symptom of poor MSP security, it’s a symptom of the unchecked business of cybercrime

MSP Zone Reading Material: Risk Considerations for MSP Customers | CISA

more insights

You Can’t Sell What You Can’t Describe

December 22, 2025

Federal vs. State Regulation of Artificial Intelligence: Implications for United States National Cyber Hygiene and the Role of Managed Service Providers

December 15, 2025

Is the MSP M&A Market Cooling in 2026?

December 14, 2025