Federal Government Hands MSPs Big Opportunities: Page 2 of 2

HIPAA Safe Harbor law and DoD’s CMMC interim rule offer huge financial incentives for shoring up cybersecurity—which means cost justification for hiring MSPs.

In the meantime, the Defense Federal Acquisition Regulation Supplement (DFARS) purchasing requirements were updated with an interim rule that went into effect at the end of November 2020.

Most defense contracts have included a DFARS requirement for cybersecurity that required contractors to implement the 110 cybersecurity controls in NIST SP 800-171 by the end of 2017. This requirement was largely ignored by many contractors.

The interim rule now requires contractors to upload a self-assessment score into a DoD database to qualify for new defense contracts and renewals of existing contracts. Contractors are subject to audit by the DoD and must be ready with specific documentation and evidence of their compliance.

The interim rule is a huge opportunity for MSPs. If defense contractors fail to comply, they will not qualify for new contracts or contract renewals. If they post a false score and fail a DoD audit, their defense contracts—in many cases their main source of income—can be cancelled. They can also be banned from future contracts and sued by the government under the federal False Claims Act for three times what they have been paid by the DoD. False attestations can also be prosecuted criminally.

Start with NIST

MSPs need to prepare before jumping on these opportunities:

  1. Build a good foundation of services to help businesses implement either the NIST CSF’s 98 cybersecurity controls or NIST 800-171’s 110 controls for defense contractors. Many of the requirements in the NIST frameworks are similar, so it’s not difficult to develop managed services and compliance services that align with both.
  2. Take time to really understand the healthcare and defense requirements. You don’t need to become an expert, which could take years, but you should be able to speak knowledgeably with prospects and clients. When I started in compliance, I had to blaze a new trail by learning everything and then figuring out what I needed to do as an MSP to help clients. To help you accelerate your success, I developed Semel Systems’ NIST CSF System, HIPAA for Profit, and CMMC Compliance for Profit.
  3. Reduce your risks and your liability by protecting your MSP business and your investment. Check out my article "MSP Sued! Are You Ready?"

Don’t miss these huge opportunities to differentiate your company, help your clients, and make lots of money.

About the Author

MIKE SEMEL is a CMMC Registered Practitioner and Certified Security Compliance Specialist. As a former MSP and founder of Semel Consulting, he provides advisory services to MSPs and end users for compliance, cybersecurity, and business continuity planning.

ChannelPro SMB Magazine
