The National Institute of Standards and Technology (NIST) is tackling managed service provider (MSPs) cybersecurity by developing a customizable reference model that MSPs can adapt to fit their program needs.
The first draft of the guidance, Improving Cybersecurity of Managed Service Providers, is open for public feedback until Nov. 8. Once the draft is finalized, the leaders of the project at the National Cybersecurity Center of Excellence (NCCoE) will outline solutions that align with the NIST Cybersecurity framework and industry best practices.
According to the draft, the project will include three MSP scenarios that present a cybersecurity challenge. The scenarios will focus on asset management, access management and tracking events data and incidents to demonstrate a wide range of common challenges. Via example solutions to these dilemmas, NCCoE will highlight how organizations can realistically integrate risk assessments, data security, continuous monitoring, and other strategies into existing standards.
NCCoE addresses challenges faced by MSPs managing cybersecurity – such as talent shortage and lack of technology integration experience – in the draft of the proposal and says that they hope this project will result in “a detailed implementation guide of the practical steps needed to implement a cybersecurity reference design.”
MSPs are a cost-efficient way to manage IT services remotely but can be susceptible to cyberattacks. Cybercriminals frequently target MSPs to compromise sensitive information or install ransomware because it provides a direct pathway into customers’ networks.