A new plan published by CISA through JCDC provides a roadmap to address systemic risks by advancing security and resilience of the RMM ecosystem.

The Cybersecurity and Infrastructure Security Agency (CISA) published the Cyber Defense Plan for Remote Monitoring and Management (RMM), the first proactive plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC) as part of their 2023 Planning Agenda. This plan provides a roadmap to advance security and resilience of the RMM ecosystem and further specific lines of effort in the National Cyber Strategy to scale public-private collaboration and in the CISA Cybersecurity Strategic Plan to drive adoption of the most impactful security measures.

Organizations across sectors leverage RMM products to gain efficiencies and benefit from scalable services. These same benefits, however, are increasingly targeted by adversaries – from ransomware actors to nation-states – to compromise large numbers of downstream customer organizations. By targeting RMM products, threat actors attempt to evade detection and maintain persistent access, a technique known as living off the land.

Part of the 2023 Planning Agenda, the RMM Cyber Defense Plan provides a roadmap to advance security and resilience of this critical ecosystem, including RMM vendors, managed service providers (MSPs), managed security service providers (MSSPs), small and medium sized businesses (SMBs) and critical infrastructure operators. This plan was developed through a multi-month process that leveraged expertise by vendors, operators, agencies and other stakeholders, and has already resulted in publication of the joint advisory on Protecting Against Malicious Use of Remote Monitoring and Management Software.

The RMM Cyber Defense Plan is built on two foundational pillars, operational collaboration and cyber defense guidance, and contains four subordinate lines of effort:

• Cyber threat and vulnerability information sharing: Expand the sharing of cyber threat and vulnerability information between U.S. government and RMM ecosystem stakeholders.
• Enduring RMM operational community: Implement mechanisms for an enduring RMM operational community that will continue to mature scaled security efforts.
• End-user education: Develop and enhance end-user education and cybersecurity guidance to advance adoption of strong best practices, a collaborative effort by CISA, interagency partners and other RMM ecosystem stakeholders.
• Amplification: Leverage available lines of communication to amplify relevant advisories and alerts within the RMM ecosystem.