Protecting Against Cyber Threats to Managed Service Providers and Their Customers [open pdf - 689KB]
From the Summary: "This advisory describes cybersecurity best practices for information and communications technology (ICT) services and functions, focusing on guidance that enables transparent discussions between MSPs [managed service providers] and their customers on securing sensitive data. Organizations should implement these guidelines as appropriate to their unique environments, in accordance with their specific security needs, and in compliance with applicable regulations. MSP customers should verify that the contractual arrangements with their provider include cybersecurity measures in line with their particular security requirements."
Product ID: AA22-131A
Cybersecurity and Infrastructure Security Agency: https://www.cisa.gov/