UK mulls making MSPs subject to mandatory security standards where they provide critical infrastructure
NIS is the main law controlling security practices in the UK today.
NIS is currently a straight copy of the EU NIS Directive; one of the benefits of Brexit leapt upon by the Department for Digital, Culture, Media and Sport is the new ability to amend NIS's reporting thresholds.
Bringing MSPs under NIS "would provide a baseline for expected cybersecurity provision and better protect the UK economy and critical national infrastructure from cyber security threats," as UK.gov said in a consultation document issued on Wednesday.
Its plans are for MSPs, currently not subject to NIS, to be brought into the fold.
In essence, if an "operator of essential services" or a critical national infrastructure business outsources something to your MSP, prepare for NIS compliance.
Enforcement of NIS is carried out by the ICO, which is getting a funding bonus if Parliament nods through the NIS amendments.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/01/20/uk_nis_regulations_msp_plans/