Reposted from CISA
As the nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency (CISA) published the Remote Monitoring and Management (RMM) Cyber Defense Plan, the first proactive plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC) as part of its 2023 Planning Agenda. This plan provides a clear roadmap to advance security and resilience of the RMM ecosystem, expands specific lines of effort in the National Cyber Strategy to increase public-private collaboration, and drives adoption of the most impactful security measures in the CISA Cybersecurity Strategic Plan.
RMM is a software that is installed on an endpoint to continuously monitor a machine or system’s health and status. It also enables remote unattended administration functions including modification to the endpoint’s security configuration, installed applications, and local accounts.
Organizations across sectors leverage RMM products to gain efficiencies and benefit from scalable services. These same products and services, however, are increasingly targeted by adversaries – from ransomware actors to nation-states – to compromise large numbers of downstream customer organizations. By targeting RMM products, threat actors attempt to evade detection and maintain persistent access through a technique known as “living off the land.”
JCDC worked with key partners for several months to develop the JCDC RMM Cyber Defense Plan to help cyber defense leaders in government and the private sector collectively mitigate threats to the RMM ecosystem. The plan is built on two foundational pillars, operational collaboration and cyber defense guidance, and contains four subordinate lines of effort:
(1) Cyber Threat and Vulnerability Information Sharing: Expand the sharing of cyber threat and vulnerability information between U.S. government and RMM ecosystem stakeholders.
(2) Enduring RMM Operational Community: Implement mechanisms for an enduring RMM operational community that will continue to mature scaled security efforts.
(3) End-User Education: Develop and enhance end-user education and cybersecurity guidance to advance adoption of strong best practices, a collaborative effort by CISA, interagency partners and other RMM ecosystem stakeholders.
(4) Amplification: Leverage available lines of communication to amplify relevant advisories and alerts within the RMM ecosystem.
We are confident that this public-private collaboration in the RMM ecosystem, led by JCDC, will further reduce risk to our nation’s critical infrastructure.
See Original Post
