Security News > 2022 > January > UK mulls making MSPs subject to mandatory security standards where they provide critical infrastructure

NIS is the main law controlling security practices in the UK today.
Currently a straight copy of the EU NIS Directive, one of the benefits of Brexit leapt upon by the Department for Digital, Culture, Media and Sport is the new ability to amend NIS's reporting thresholds.
Bringing MSPs under NIS "Would provide a baseline for expected cybersecurity provision and better protect the UK economy and critical national infrastructure from cyber security threats," as UK.gov said in a consultation document issued on Wednesday.
Its plans are for MSPs, currently not subject to NIS, to be brought into the fold.
In essence, if an "Operator of essential services" or a critical national infrastructure business outsources something to your MSP, prepare for NIS compliance.
Enforcement of NIS is carried out by the ICO, which is getting a funding bonus if Parliament nods through the NIS amendments.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/01/20/uk_nis_regulations_msp_plans/
Related news
- 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- UK urges critical orgs to adopt quantum cryptography by 2035 (source)
- UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools (source)
- How AI agents could undermine computing infrastructure security (source)
- UK NCSC offers security guidance for domain and DNS registrars (source)
- 3 Ways the UK Government Plans to Tighten Cyber Security Rules with New Bill (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)