CompTIA announced the global availability of its new Cybersecurity Trustmark today during the opening keynote session of the CompTIA Communities & Councils Forum being held this week in Chicago. The nonprofit association for the IT industry and workforce “soft launched” the new certification during ChannelPro’s Cybersecurity Online Summit event on December 7.
The CompTIA Cybersecurity Trustmark, a successor to the previous CompTIA Security+ Trustmark that was based on the NIST Cybersecurity Framework, is designed to help managed service providers (MSPs) and solution providers elevate their cybersecurity awareness and readiness. It details a clear path for MSPs to achieve foundational cybersecurity hygiene, laying the groundwork for a functional security program within the organization.
“The goal of the CompTIA Cybersecurity Trustmark program is to raise awareness and understanding of cybersecurity throughout an MSP organization,” said Wayne Selk, vice president for cybersecurity programs at CompTIA and executive director of the CompTIA ISAO, in a press statement. “We believe the trustmark will help MSPs bring about a positive shift in their overall security culture and have a positive impact on their risk posture.”
The trustmark maps to several control frameworks recognized as industry-accepted best cybersecurity practices, including the Center for Internet Security Critical Security Controls, ISO/IEC 27001, the National Institute of Standards and Technology SP 800-171, the Health Insurance Portability and Accountability Act of 1996, and the New York Department of Financial Services (NYDFS) Cybersecurity Regulation.
Companies that participate in the CompTIA Cybersecurity Trustmark program will work toward reaching three distinct milestones:
- A readiness path to help MSPs baseline their current security and risk posture, including a gap analysis and a mentor, if desired.
- Once the organization is ready, the self-attestation path includes an audit review of a subset of controls and provides a report, which will give the organizational stakeholders a list of actions and additional milestones to complete on the journey toward the full audit to earn the trustmark.
- The last path is to go through a full audit of all the controls and provide the required evidence. After that audit review, the MSP will receive another report and, if accepted by the auditor, the application will be sent to the Accreditation Board for review, approval, and acceptance for the awarding of the trustmark accreditation.
The new trustmark launches with the “clear understanding there is more to do for the MSP community,” Selk acknowledged. “That is by design,” he explained. “We need industry adoption while raising awareness and understanding on why security controls are important.”
The uniqueness of the MSP market is a key motivator in CompTIA’s decision to introduce the new cybersecurity trustmark. Selk noted that most MSPs serve multiple customers in various industries with different compliance and regulatory environments.
To keep the new credential current and relevant to the changing cybersecurity landscape, CompTIA intends to make major revisions to the trustmark program each year and minor adjustments every six months.
More than 400 technology companies from around the world have joined the waitlist for the CompTIA Cybersecurity Trustmark, including some that have participated in beta tests and early pilots of the program, according to Selk.
Companies interested in learning more about the CompTIA Cybersecurity Trustmark or adding their name to the waitlist can go here.