MSPs have become an attractive target for cyber criminals. As a result, an MSP could benefit from improving its own cybersecurity through implementing a secure IT architecture that reduces vulnerabilities to attacks such as ransomware. When an MSP is vulnerable to a cyber attack, it also increases the vulnerability to the small-and medium-size businesses (SMBs) that it supports. SMBs rely on MSPs as trusted partners for their cybersecurity needs and to help them address challenges in implementing cybersecurity technologies, including cost and staff expertise. Unfortunately, many MSPs face challenges similar to those of SMBs, including a cybersecurity talent shortage and a lack of cybersecurity technology integration experience. To address these challenges, this project will provide MSPs with informed guidance that will enable them to adopt cybersecurity technologies and techniques that result in better security for themselves and their SMB customers. The goal of this project is to provide a cybersecurity reference model that MSPs can customize to fit their cybersecurity program needs.

Publication of this project description begins a process that will further identify project requirements, scope, and hardware and software components for use in a laboratory environment. In the laboratory, the NCCoE will build a standards-based, modular, and end-to-end example solution(s) that will address a set of cybersecurity challenges aligned to the NIST Cybersecurity Framework v1.1, listed in Table 2 in the Scope section. The approach may include architectural model definition, logical design, build development, test and evaluation, and security control mapping. This project will result in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps needed to implement a cybersecurity reference design that addresses this challenge.