CompTIA has unveiled a new certification program to help MSPs achieve foundational cybersecurity hygiene, which the company says will help organizations lay the groundwork for a functional security program.
The CompTIA Cybersecurity Trustmark will allow MSPs to elevate their cybersecurity awareness and readiness. The announcement was made during the opening keynote session of the CompTIA Communities & Councils Forum in Chicago.
More than 400 technology companies from around the world have joined the wait list for the CompTIA Cybersecurity Trustmark, including some who have participated in beta tests and early pilots of the program, according to Wayne Selk, vice president for cybersecurity programs at CompTIA and executive director of the CompTIA ISAO.
Selk commented:
“The goal of the CompTIA Cybersecurity Trustmark program is to raise awareness and understanding of cybersecurity throughout an MSP organization. We believe the trustmark will help MSPs bring about a positive shift in their overall security culture and have a positive impact on their risk posture.”
Matching MSP Demand
The new trustmark is a successor to the previous CompTIA Security+ Trustmark. The company says it was motivated by the uniqueness of the MSP market to update the certification.
Selk noted that most MSPs serve multiple customers in various industries with different compliance and regulatory environments.
To keep the new credential current and relevant to the changing cybersecurity landscape, CompTIA intends to make major revisions to the trustmark program each year and minor adjustments every six months, the company said.
Trustmark Details
The trustmark maps to several control frameworks recognized as industry-accepted best cybersecurity practices, the company said, including the Center for Internet Security® Critical Security Controls, ISO/IEC 27001, the National Institute of Standards and Technology (NIST) SP 800-171, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the New York Department of Financial Services (NYDFS) Cybersecurity Regulation.
Companies that participate in the CompTIA Cybersecurity Trustmark program will work toward reaching three distinct milestones:
- A readiness path to help MSPs baseline their current security and risk posture, including a gap analysis and a mentor, if desired.
- Once the organization is ready, the self-attestation path includes an audit review of a subset of controls and provides a report, which will give the organizational stakeholders a list of actions and additional milestones to complete on the journey toward the full audit to earn the trustmark.
- The last path is to go through a full audit of all the controls and provide the required evidence. Upon that audit review, you will receive another report and if accepted by the auditor, the application will be sent to the Accreditation Board for review, approval and acceptance for the awarding of the trustmark accreditation.