This is a potential security issue, you are being redirected to https://csrc.nist.gov
Special Publications (SPs)
Security & Privacy
Laws & Regulations
Activities & Products
Computer Security Division
Applied Cybersecurity Division
Date Published: [April 2020]
National Cybersecurity Center of Excellence
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) developed this publication to help managed service providers (MSPs) improve their cybersecurity and the cybersecurity of their customers. MSPs have become an attractive target for cyber criminals. When an MSP is vulnerable its customers are vulnerable as well. Often, attacks take the form of ransomware.
Data loss incidents—whether a ransomware attack, hardware failure, or accidental or intentional data destruction—can have catastrophic effects on MSPs and their customers. This document provides recommendations to help MSPs conduct, maintain, and test backup files in order to reduce the impact of these data loss incidents. A backup file is a copy of files and programs made to facilitate recovery. The recommendations support practical, effective, and efficient back-up plans that address the NIST Cybersecurity Framework Subcategory PR.IP-4: Backups of information are conducted, maintained, and tested. An organization does not need to adopt all of the recommendations, only those applicable to its unique needs.
This document provides a broad set of recommendations to help an MSP determine:
Detailed Guide with Recommendations
Brief Guide (pdf)
Project: Improving Cybersecurity of Managed Service Providers (other)
Security and Privacymalware; planning; program management