U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Project Description (Initial Public Draft)

Improving Cybersecurity of Managed Service Providers (Supporting Small- and Medium-Sized Businesses)

Date Published: October 2019
Comments Due: November 8, 2019 (public comment period is CLOSED)
Email Questions to: smb_nccoe@nist.gov

Author(s)

Karen Waltermire (NIST), Harry Perper (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) at NIST is announcing the release of a draft project description on Improving Cybersecurity of Managed Service Providers. 

Many small and medium sized businesses use managed service providers (MSPs) to manage their organization's information technology (IT) infrastructure, cybersecurity, and related business operations. As a result, MSPs have become an attractive target for cyber criminals. When an MSP is vulnerable to a cyber attack, it also increases the vulnerability to the businesses that it supports. 

The goal of this project is to provide guidance that will help managed service providers improve their cybersecurity posture, and therefore reduce the cybersecurity vulnerability of small and medium sized businesses. The solution will use security controls that adhere to the NIST Cybersecurity Framework and industry standards and best practices. The project will result in a freely available NIST Cybersecurity Practice Guide, documenting an example solution that demonstrates how to integrate the following functions into your organization:

  • asset management;
  • risk assessments;
  • identity management, authentication, and access control;
  • data security; and
  • security continuous monitoring.
     

Abstract

Keywords

cybersecurity; managed service provider; MSP; risk management; SMB; small business
Control Families

None selected

Documentation

Publication:
Project Description (pdf)

Supplemental Material:
None available

Document History:
10/08/19: Project Description (Draft)

Topics

Security and Privacy

risk management

Applications

cybersecurity framework, small & medium business