As a Managed Service Provider (MSP) charged with protecting your clients’ data, you need to understand each client’s vulnerabilities and risk and be able to answer questions such as:
- What security systems does the client currently have in place?
- How often does the client train their staff on how to avoid phishing or other attacks?
- Are the client’s solutions and strategies in compliance with regulatory requirements?
- Is the client patching their software on a timely basis?
Understanding your client’s risk is especially important now that remote work has become the norm. Employees work from home, outside the office firewall, and remote workers are more exposed to attacks such as phishing, so sensitive and private data can be compromised or leaked. For organizations subject to regulatory requirements, cybersecurity and cyber protection are mandatory to stay compliant; otherwise the organization can face heavy penalties in addition to the other costs of an attack. NIST’s cybersecurity framework provides a structured way to manage this risk.
What is NIST?
NIST is an acronym that stands for the National Institute of Standards and Technology. Founded in 1901, NIST is a physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce. Initially, Congress established NIST to address a major challenge that was obstructing U.S. industrial competitiveness.
“Today, NIST measurements support the smallest of technologies to the largest and most complex of human-made creations—from nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair up to earthquake-resistant skyscrapers and global communication networks.” (NIST’s official website)
What is NIST compliance?
Following a presidential executive order, NIST published the NIST Cybersecurity Framework (CSF) in 2014. The order directed NIST to work with stakeholders to develop a voluntary framework, based on existing standards, guidelines, and best practices, to reduce cyber risks to critical infrastructure and help organizations build, strengthen, and manage their cybersecurity programs. The framework provides a common language so that individuals across the organization, from experts to generalists, share an understanding of their cybersecurity risks. It also addresses how an organization can reduce those risks and respond to and recover from an attack.
The initial stakeholders of the framework were U.S. private-sector owners and operators of critical infrastructure. However, the user base now includes communities and organizations across the globe, including JP Morgan Chase, Microsoft, Boeing, Intel, the Bank of England, Nippon Telegraph and Telephone Corporation, and the Ontario Energy Board.
How does the NIST cybersecurity framework benefit Managed Service Providers?
The NIST framework can be used to start conversations with your customers about cybersecurity and risk management. In fact, the NIST Framework enables you to turn your client’s challenges into opportunities. For example, you can:
Reliably protect your customers. The framework helps you and your customers proactively avoid downtime to meet Service Level Agreements (SLAs), auto-adjust your customer’s protection to handle the most current threats and add real-time protection to the most important files.
Control costs and boost margins. The framework helps you speed up and simplify onboarding of new customers and devices, reduce tickets so you can serve more customers with fewer technicians, and centralize customer patching without incurring additional costs.
Keep existing customers and win new ones. By following the framework, you will be able to move more customers to a higher Framework Implementation Tier, reduce data loss incidents, and better sell your services to customers with the strictest compliance requirements.
How to facilitate using the NIST framework with the Acronis security assessment
Acronis has developed a security assessment questionnaire based on the NIST framework to assist you in assessing the security of your potential and existing clients. You can use this questionnaire as a type of cheat sheet that includes 50 questions, answers, and tips. To help you use the tool, Acronis provides both a full assessment questionnaire and a full assessment questionnaire with answers.
The questions are worded in plain language, and each is organized and coded according to the five Functions of the NIST framework: Identify, Protect, Detect, Respond, and Recover. The related NIST Function and Category codes follow each question, and a code key is available at the end of the document. Every question includes a bespoke tip and can be tweaked to suit your needs. You can add, edit, and delete content at any time, copy content into your own template, and add your logo. The questions and the resulting findings will give your team the information necessary to assess the organization’s cybersecurity program and posture.
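Once each answer carries its NIST Function and Category code, the results can be rolled up mechanically. The script below is an added example, not part of the Acronis questionnaire or of this page: it validates the CSF 1.1 category codes (two-letter Function prefix, a dot, two-letter Category, e.g. PR.AC), averages yes/partial/no answers per Function, and lists the categories that fall below a threshold. The sample answers, the 1.0/0.5/0.0 scoring and the 0.5 threshold are constructed assumptions for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# The five CSF 1.1 Functions, keyed by the prefix used in category codes.
FUNCTIONS = {"ID": "Identify", "PR": "Protect", "DE": "Detect",
             "RS": "Respond", "RC": "Recover"}

# A CSF 1.1 Category code looks like "PR.AC": Function prefix, dot, two-letter Category.
CODE_RE = re.compile(r"^(ID|PR|DE|RS|RC)\.[A-Z]{2}$")

# Assumed scoring: yes = fully in place, partial = half credit, no = absent.
ANSWER_SCORE = {"yes": 1.0, "partial": 0.5, "no": 0.0}

# Constructed sample of answered questions (not taken from the Acronis document).
SAMPLE_CSV = """id,code,question,answer
1,ID.AM,Is there a maintained inventory of endpoints and servers?,yes
2,ID.RA,Is a risk assessment performed at least annually?,partial
3,PR.AC,Is multi-factor authentication enforced for remote access?,partial
4,PR.AT,Are staff trained on phishing at least annually?,no
5,PR.IP,Are operating systems and applications patched within a defined SLA?,yes
6,DE.CM,Are endpoints continuously monitored for malicious activity?,yes
7,DE.AE,Are security events collected and correlated centrally?,no
8,RS.RP,Is there a written incident response plan?,partial
9,RC.RP,Are backups tested by performing a restore?,yes
"""


def parse_answers(text):
    """Parse questionnaire rows; reject unknown codes or answers early."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        code = row["code"].strip()
        if not CODE_RE.match(code):
            raise ValueError(f"question {row['id']}: unrecognised CSF category code {code!r}")
        answer = row["answer"].strip().lower()
        if answer not in ANSWER_SCORE:
            raise ValueError(f"question {row['id']}: answer must be yes/partial/no, got {answer!r}")
        rows.append({"id": int(row["id"]), "code": code, "answer": answer})
    return rows


def score_by_function(rows):
    """Average score (0..1) for each CSF Function present in the answers."""
    per_function = defaultdict(list)
    for r in rows:
        per_function[FUNCTIONS[r["code"][:2]]].append(ANSWER_SCORE[r["answer"]])
    return {fn: sum(v) / len(v) for fn, v in per_function.items()}


def gaps(rows, threshold=0.5):
    """Category codes scoring strictly below threshold, worst first."""
    per_category = defaultdict(list)
    for r in rows:
        per_category[r["code"]].append(ANSWER_SCORE[r["answer"]])
    scored = {c: sum(v) / len(v) for c, v in per_category.items()}
    return sorted((c for c, s in scored.items() if s < threshold),
                  key=lambda c: (scored[c], c))


if __name__ == "__main__":
    answers = parse_answers(SAMPLE_CSV)
    for function, score in score_by_function(answers).items():
        print(f"{function:<9} {score:.2f}")
    print("categories below threshold:", ", ".join(gaps(answers)) or "none")
```

Per-Function averages are a coarse summary; the category-level gap list is what turns into remediation work, which is why the example keeps both. Note that the codes above are CSF 1.1 (the version the 2020 questionnaire references); CSF 2.0 adds a sixth Function, Govern, so the prefix table would need extending for a newer questionnaire.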
To use the Acronis assessment tool, Acronis recommends that you:
- Download the free Acronis cybersecurity questionnaire.
- Review the Assessment Questionnaire with Answers (2020 edition) PDF. A cybersecurity professional reviewed the questionnaire and provided simple-to-understand background on why each question is important and, in many cases, a related tip.
- Customize the questions as you see fit.
- Rebrand the tailored document to create your very own sales enablement tool.
- Use the content to create your own customized assessment tools.
In most cases, your team can interview an IT professional or perform a simple review of endpoints to discover the necessary insights.