Connect with us

Hi, what are you looking for?


Identity & Access

CISA Releases Cyber Defense Plan to Reduce RMM Software Risks

CISA has published a cyber defense plan outlining strategies to help critical infrastructure organizations reduce the risks associated with RMM software.

The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the release of a strategic plan to help critical infrastructure organizations reduce the risks associated with the use of remote monitoring and management (RMM) solutions.

The newly released RMM Cyber Defense Plan (PDF) was developed by the Joint Cyber Defense Collaborative (JCDC) in line with June 2023 guidance on securing remote access software against malicious attacks and aligns with the CISA Strategic Plan for 2023–2025.

“To support the CISA Strategic Plan, the JCDC RMM Cyber Defense Plan identifies a path forward to reduce risks to—and strengthen the resilience of—America’s critical infrastructure organizations that are dependent upon RMM products,” the agency notes.

The new plan, CISA says, is meant to identify ways in which RMM vendors can improve cybersecurity, as well as mechanisms to sustain cybersecurity collaborations in the area.

“JCDC’s RMM Cyber Defense Plan provides cyber defense leaders in government and industry with a collaborative proposal for mitigating threats to the RMM ecosystem,” the document reads.

According to the plan, the collaboration between the government and the private sector is expected to improve the nation’s critical infrastructure security, and major RMM vendors have already shown willingness to work with the US government in this pursuit.

The cyber defense plan is meant to strengthen collaboration to improve information sharing and visibility, and help develop creative cybersecurity solutions.

Advertisement. Scroll to continue reading.

The plan also highlights the need to improve awareness among small and medium-sized businesses (SMBs) regarding CISA resources and guidance, by educating RMM end-users of the risks associated with using such software and on the steps to be taken to reduce them.

“JCDC has already capitalized on the momentum of collaboration established through this planning effort and have advanced protections through this unique and strategic partnership. The enduring partnership provides a proven forum to drive industry-informed objectives aimed at mitigating risk to downstream SMBs and critical infrastructure operators,” the document reads.

The JCDC RMM Cyber Defense Plan should be regarded as a foundation from which government and industry partners – including managed service providers (MSPs) and managed security service providers (MSSPs) – can align their efforts to improve resilience to malicious attacks, the document suggests.

“Through this effort, CISA and partners across government and the private sector will take steps to measurably reduce some of the most significant cyber risks facing the global cyber community,” CISA notes.

Related: CISA Unveils Cybersecurity Strategic Plan for Next 3 Years

Related: CISA Instructs Federal Agencies to Secure Internet-Exposed Devices

Related: CISA Introduces Secure-by-design and Secure-by-default Development Principles

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem