4 Phases Implementation Process
The main problem with NIST Assessments is that they focus only on the assessment piece and on the complete Cyber Security Development Lifecycle. Without proper education, qualification, assessment, action plans, responsibility settings and a service offering the cyber security process breaks.
It leads to a long decision-making process which makes it harder for the MSP to push through the necessary changes with clients. It makes it hard to maintain the development momentum and demonstrate progress after the investments.