Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

News & Articles

December 7, 2022

CompTIA Introduces Cybersecurity Trustmark

The new credential aims to help MSPs earn third-party validation that they employ rigorous best practices to ensure the safety of their own environment and end user environments, according to CompTIA’s Wayne Selk.

CompTIA has announced a new credential designed to help managed service providers position themselves to end users and cyber insurers as leaders in security best practices.

The IT membership organization soft-launched the new certification, called the Cybersecurity Trustmark, during ChannelPro’s Cybersecurity Online Summit event today.

“The goal and objective that I have for this in the next three to five years is for it to actually become the globally adopted industry standard,” says Wayne Selk, vice president of cybersecurity programs at CompTIA and executive director of its security information sharing and analysis organization (ISAO).

Built around a customized, MSP-specific set of controls borrowed from NIST, the Center for Internet Security, the ISO 27000 standard, and other respected sources, the credential aims to provide a roadmap channel pros can use to earn third-party validation that they employ rigorous measures to ensure the safety of their own environment and end user environments. 

“What we’re trying to do is give them the absolute foundational set of controls that can best protect their business today and also at the same time get them sixty to seventy percent of the way there if they need to get SOC 2 Type 2 [certification],” Selk says.

Tentatively scheduled to launch officially next March, the Cybersecurity Trustmark will replace CompTIA’s existing Security Trustmark+, which debuted in 2008 and was last updated in 2014. CompTIA members and other channel pros can add themselves to the credential’s wait list now.

When fully in place, the infrastructure surrounding the trustmark program will include a set of accredited outside auditors. “They’ll understand the standard, they’ll understand the controls, and they’ll completely understand the guidance that goes with those controls,” Selk explains. 

After being audited, MSPs will apply to a forthcoming accreditation board for final, formal designation as Cybersecurity Trustmark holders.

Channel pros will clear three stages on the road to achieving full-blown Cybersecurity Trustmark status, beginning with a “readiness path” in which they assess their current compliance with the new credential’s recommended best practices.

“You buddy up with somebody who’s kind of gone through implementing a lot of these controls already in their business,” Selk says. “The goal there is to help the organization identify gaps.”

At the self-attestation stage, MSPs must document, on their own with oversight from the accreditation board, that they meet trustmark requirements. To reach the fully audited stage, they must get an audit report from a certified third-party auditor and final approval from the accreditation board.

Selk foresees two primary motivations for completing that process, beginning with the ability to do more business with customers subject to regulatory mandates. “Those individuals specifically are looking for something other than the word of the MSP saying, ‘hey, we’ve got you covered,’” Selk notes.

More importantly, he continues, having the Cybersecurity Trustmark will eventually help MSPs get cyber insurance coverage for their customers and tech errors and omissions coverage for themselves more easily. Fully audited trustmark holders in particular could qualify for lower premiums and higher limits on those policies.

CompTIA is already working with cyber insurers to establish the Cybersecurity Trustmark as a standard for assessing how risky policy applicants are, notes Selk, pointing to FifthWall Solutions as an early example. 

“None of the carriers or underwriters have actuary data aligned to a set of best practices,” Selk notes, which is one of the biggest reasons their premiums keep going up and their questionnaires keep getting longer. “The cyber insurance carriers don’t understand the risk.”

Fees for Cybersecurity Trustmark status have yet to be finalized. Selk hopes to charge $1,250 for completing the self-attestation process and $2,500 for being fully audited, drawing on financial support from vendors and distributors to hold rates substantially below the $25,000 often required to gain SOC 2 Type 2 status. CompTIA members, he notes, will pay even less.

Selk calls the Cybersecurity Trustmark a standard rather than a framework, and therefore compatible with MSP-focused frameworks from vendors like ConnectWise.

“They do not have the infrastructure to be able to certify an organization,” he says of the vendor community. “CompTIA has been certifying individuals for 40 years, so we already have that kind of mechanism and infrastructure in place.”

Selk, who was ConnectWise’s senior director of cybersecurity initiatives before joining CompTIA, helped design that company’s framework.

CompTIA is currently piloting the Cybersecurity Trustmark with an invited set of early adopters, and will gradually work its way through companies on the wait list when the credential formally launches next year.

“We want to start small,” Selk says. “We have to build up the auditors. We have to build up the accreditation board. We’ve got to fine-tune processes to make sure that everything’s in lockstep.”
