Kaseya has rolled out customer responsibility matrices (CRMs) for a set of critical products MSPs use to ensure their customers meet Cybersecurity Maturity Model Certification (CMMC) requirements, and have the tools, and capabilities, necessary to meet compliance standards for their businesses and customers.
A CRM document identifies the appropriate individual for implementing, managing and maintaining cybersecurity controls to prevent gaps in compliance.
Brian Hubbard, President, Evolved Cyber, LLC and Lead CCA said: “As a Lead Certified CMMC Assessor (CCA), the availability of a well-developed Customer Responsibility Matrix for cloud-based Security Protection Assets (SPAs) — like those provided by Kaseya — greatly streamlines the assessment process.
“When an OSC includes a CRM that clearly delineates responsibilities between the organisation and the External Service Provider (ESP), it allows me to quickly verify which party is accountable for each relevant security requirement and whether appropriate evidence has been provided.”
Software vendors required to meet CMMC are mandated to create CRMs, and MSPs working with the Department of Defense (DoD) and other agencies, must demonstrate cybersecurity capabilities to safeguard sensitive information.
As many organisations demand support to comply with evolving compliance frameworks, MSPs are adopting standardised security protocols, conducting regular audits, and implementing advanced monitoring tools to ensure adherence to federal cybersecurity requirements.
“In order to provide support to our partners, Kaseya has begun publishing CMMC Customer Responsibility Matrices product by product,” said Jon DePerro, Vice President, FedRAMP and Compliance Solutions at Kaseya (pictured).
Kaseya employed ControlCase, a CMMC C3PAO to document and validate the customer responsibility matrices.
The first group of matrices released includes Datto RMM, VSAX, IT Glue, vPenTest, Vulscan, Network Detective Pro, and Compliance Manager GRC, with more planned to be published before the end of the year.
“Kaseya is taking ownership and is developing this body of work for the MSP community to allows MSPs to show their value, and partner with their customers, and ensure compliance standards are being met,” added Joshua Hoffman, Chief Revenue Officer, ControlCase.