NCCoE Releases New Project Description – Improving Cybersecurity of Managed Service Providers

The National Cybersecurity Center of Excellence (NCCoE) is excited to announce the release of the new draft project description: Improving Cybersecurity of Managed Service Providers. We are seeking your feedback on this draft to help refine the challenge and scope of the project.

Many small and medium sized businesses use managed service providers (MSPs) to manage their organization’s information technology (IT) infrastructure, cybersecurity, and related business operations. As a result, MSPs have become an attractive target for cyber criminals. Businesses rely on MSPs to implement cybersecurity technologies and processes to reduce the risk of cyber threats. When an MSP is vulnerable to a cyber attack, it also increases the vulnerability to the businesses that it supports.

The goal of this project is to provide guidance that will help managed service providers improve their cybersecurity posture, and therefore reduce the cybersecurity vulnerability of small and medium sized businesses. The solution will use security controls that adhere to the NIST Cybersecurity Framework and industry standards and best practices. The project will be result in a freely available NIST Cybersecurity Practice Guide, documenting an example solution that demonstrates how to integrate the following cybersecurity functions into your organizations:

  • asset management
  • risk assessments
  • identity management, authentication, and access control
  • data security
  • security continuous monitoring

If you are interested in joining this Community of Interest to stay up-to-date on the progress of this project and provide additional feedback, email us at