Today, CISA released the Remote Monitoring and Management (RMM) Cyber Defense Plan, the first proactive Plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC). This plan addresses systemic risks facing the exploitation of RMM software. Cyber threat actors can gain footholds via RMM software into managed service providers (MSPs) or manage security service providers (MSSPs) servers and, by extension, can cause cascading impacts for the small and medium-sized organizations that are MSP/MSSP customers.
This release builds off the JCDC 2023 Planning Agenda and marks a major milestone in the continued evolution and maturation of the Collaborative’s development to satisfy JCDC’s core functions:
Developing and coordinating cyber defense plans
Operational collaboration and cybersecurity information fusion
Producing and disseminating cyber defense guidance
Through this effort, CISA and partners across government and the private sector will take steps to measurably reduce some of the most significant cyber risks facing the global cyber community.
CISA encourages organizations to review JCDC’s RMM Strategic Cyber Defense Plan and 2023 Planning Agenda webpages. Visit CISA.gov/JCDC to learn about other ways JCDC is uniting the global cyber community in the collective defense of cyberspace.