One of the most significant takeaways of the White House's recently unveiled National Cybersecurity Strategy is the assertion that software developers, OEMs, and technology service providers must bear the brunt of the responsibility -- rather than end-users -- for keeping cyber environments secure. With the looming prospect of further legislation and regulations looming that could impose greater liabilities on software products and services, MSSPs and other cyber services providers must understand where they fit into the overall scheme of things. Are MSSPs an extension of the end-user or are they one of the upstream providers who will be held accountable when cyberattacks occur? In what ways will the burdens on MSSPs be reduced or shifted due to federal efforts around coordinated vulnerability disclosure, SBOM use and other supply chain security strategies? This segment will explore these key issues. There's a lot that goes into the creation of a managed services contract before the client ever puts their John Hancock on the dotted line. As an MSSP, you want to make sure that expectations, for both sides of the relationship are spelled out clearly and cogently. The language within must address key terms and stipulations related to payments, roles and responsibilities, scope and scale of services, liability, and plenty more. In this segment, we'll discuss some of the most important clauses to include in your MSSP contracts, and how to avoid unfortunate omissions or vagueness that can result in confusion or disputes down the line.

Show Notes: https://securityweekly.com/cfh-29