NIST 800-171 Special Publication Compliance Assessment
NIST 800-171 Compliance Requirements – Assess your Organization
The National Institute of Standards and Technology (NIST) 800 Series publications were created, and have evolved, as a result of deep research into effective solutions for optimizing the security of information technology (IT) systems and networks. The publications include all NIST-recommended procedures and criteria for evaluating and tracking vulnerabilities and threats and for implementing IT security controls to minimize the risk of incidents or attacks.
What Is NIST 800-171?
NIST published Special Publication 800-171, Protecting Controlled Unclassified Information (CUI), or “sensitive but unclassified” information, in Nonfederal Information Systems and Organizations, in June 2015. The goal of the publication is to provide direction to federal agencies to ensure that sensitive federal data and information are protected when processed, stored, and used outside of the federal government in non-federal information systems.
NIST 800-171 applies to Controlled Unclassified Information shared by the federal government with a non-federal organization. The federal government often provides and shares data with private non-governmental institutions for research purposes. NIST 800-171 applies when the federal government shares controlled unclassified information with higher education institutions. However, more broadly, the controls specified in NIST 800-171 will need to be addressed in those IT systems that store any Controlled Unclassified Information or sensitive but unclassified information provided by the federal government.
NIST 800-171 Requirements and Responses
Federal contracts will begin to detail the Controlled Unclassified Information shared by the federal government and thus require NIST 800-171 compliance. Organizations and companies will then be obligated to make certain that those persons using CUI and the systems processing such data are trained on the requirements established by NIST 800-171. The training is detailed and time-consuming, with multiple modules and detailed information concerning the handling of data and the systems in which the data is stored.
Complying with NIST 800-171?
Institutions continue to be affected by NIST Special Publication 800-171 as they upgrade the controls for the data they receive from the federal government and the systems on which that data is stored.
Controlled Unclassified Information includes data received as part of a research grant or to conduct business.
NIST 800-171 applies to data that the federal government designates as Controlled Unclassified Information when it is shared by the federal government with a non-federal entity and there is no other law in place to protect the data.
Organizations need to review their contracts with the federal government. There must be a contract referencing the data the federal agency is sharing and language that suggests that the institution must follow the requirements of NIST 800-171.
The audience for NIST 800-171 is developers in the SDLC process, project managers, procurement, risk management personnel, and anyone else who handles CUI.
Want to know more about NIST 800-171 Compliance? Contact us.
800-171 Controls and Risk Assessment
As part of NIST 800-171, your organization is required to have a formal risk assessment from a qualified third-party firm. Our patented methodology is designed to help save your organization time and resources by creating a control framework mapping designed for your organization. We can help you test and comply with multiple frameworks simultaneously.
Hitachi Systems Security provides the advanced penetration testing services for networks and web applications needed to comply with NIST 800-171. Further, our tailored penetration testing services will help prepare your infrastructure to meet the challenges of your 800-171 certification audit.
Hitachi Systems Security is a global IT security service provider that builds and delivers customized services for monitoring and protecting the most critical and sensitive IT assets in your infrastructures 24/7.