MSP Cybersecurity Initiative: NIST, NCCoE Seek Comments

Credit: National Institute of Technology and Standards

The National Cybersecurity Center of Excellence (NCCoE), part of NIST, has announced “Improving Cybersecurity of Managed Service Providers,” a project designed to deliver a cybersecurity reference model that MSPs can customize to fit their cybersecurity program needs.

NCCoE’s project helps MSPs implement IT architecture that reduces security vulnerabilities, according to the organization. It also provides MSPs with guidance so they can adopt cybersecurity technologies and techniques that result in better security for themselves and their small and medium-sized business (SMB) customers.

What Does NCCoE’s Project Mean for MSPs?

NCCoE will build a standards-based, modular and end-to-end example solution(s) to help MSPs address cybersecurity challenges aligned to the National Institute of Standards and Technology (NIST) Cybersecurity Framework v1.1, the organization stated. This approach may include architectural model definition, logical design, build development, test and evaluation and security control mapping.

In addition, NCCoE will use the project to produce a publicly available NIST Cybersecurity Practice Guide. With this guide, MSPs can implement a cybersecurity reference architecture model.

NCCoE is seeking comments to help refine the challenge and scope of its project, and it will accept project feedback until Nov. 8.

MSPs, CSPs Susceptible to Ransomware Attacks

Hackers worldwide have been hitting MSPs of all sizes — not just global technology service providers. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.

Still, the attacks continue. The fallout has included:

Amid those challenges, the MSP industry (spanning technology companies, service providers and more) could soon face a “crisis of credibility” if the market doesn’t take major steps to more effectively mitigate ransomware threats, cyberattacks and associated fallout, ChannelE2E and MSSP Alert believe.

Additional insights from Joe Panettieri.


Return Home

1 Comment



    Hey Joe,

    In speaking with Harry Perper, he shared the following statement so vendors can participate in this reference guide. “Vendors that would like to help the NCCoE on this project should monitor the Federal Register ( for NCCoE notices. Sign up for a free account and then create a “subscription”/alert to get emails when NCCoE publishes notices that invite vendors to participate on projects we announce.“

Leave a Reply

Your email address will not be published.