Google and Salesforce have announced the creation of a vendor-neutral security baseline called the Minimum Viable Security Product (MVSP), which they said was an effort to “raise the bar for security while simplifying the vetting process.”
MVSP was also developed and backed by Okta, Slack and more. Google vice president of security Royal Hansen said it was “designed to eliminate overhead, complexity and confusion during the procurement, RFP and vendor security assessment process by establishing minimum acceptable security baselines.”
“With MVSP, the industry can increase clarity during each phase so parties on both sides of the equation can achieve their goals, and reduce the onboarding and sales cycle by weeks or even months,” Hansen said.
“MVSP is a collaborative baseline focused on developing a set of minimum security requirements for business-to-business software and business process outsourcing suppliers. Designed with simplicity in mind, it contains only those controls that must, at a minimum, be implemented to ensure a reasonable security posture. MVSP is presented in the form of a minimum baseline checklist that can be used to verify the security posture of a solution.”
Companies have long had to create their own security baselines for their vendors that complicates the process, is difficult to assemble