Miami, FL, August 19, 2025 – Kaseya, the leading global provider of AI-powered IT management and cybersecurity software, announced today that it has rolled out customer responsibility matrices (CRMs) for a set of critical products managed service providers (MSPs) use to ensure their customers meet Cybersecurity Maturity Model Certification (CMMC) requirements. A CRM document identifies the appropriate individual for implementing, managing and maintaining cybersecurity controls to prevent gaps in compliance.
“As a Lead Certified CMMC Assessor (CCA), the availability of a well-developed Customer Responsibility Matrix for cloud-based Security Protection Assets (SPAs)—like those provided by Kaseya—greatly streamlines the assessment process,” said Brian Hubbard, President, Evolved Cyber, LLC and Lead CCA. “When an OSC includes a CRM that clearly delineates responsibilities between the organization and the External Service Provider (ESP), it allows me to quickly verify which party is accountable for each relevant security requirement and whether appropriate evidence has been provided.”
Software vendors required to meet CMMC are mandated to create CRMs, and MSPs working with the Department of Defense (DoD) and other agencies, must demonstrate cybersecurity capabilities to safeguard sensitive information. As organizations of all sizes demand support to comply with evolving compliance frameworks, MSPs are increasingly adopting standardized security protocols, conducting regular audits, and implementing advanced monitoring tools to ensure adherence to federal cybersecurity requirements.
“In order to provide best-in-class support to our partners, Kaseya has begun publishing CMMC Customer Responsibility Matrices product by product,” said Jon DePerro, Vice President, FedRAMP and Compliance Solutions at Kaseya. “We understand the complexities around CMMC, and want to ensure our customers have the tools, and capabilities, necessary to meet compliance standards, not only for their businesses, but their customers too.”
Kaseya employed ControlCase, a leading CMMC C3PAO to document and validate the customer responsibility matrices. The first group of matrices released includes Datto RMM, VSAX, IT Glue, vPenTest, Vulscan, Network Detective Pro, and Compliance Manager GRC, with more planned to be published before the end of the year.
“Kaseya is taking ownership and is at the forefront of developing this body of work for the MSP community,” said Joshua Hoffman, Chief Revenue Officer, ControlCase. “This allows MSPs to show their value, and partner with their customers, and ensure compliance standards are being met.”
For more information, go here.