NIST (National Institute of Standards and Technology) SP 800-171 is a major initiative put forth by the federal government to help ensure the safety and security of critical documents, Controlled Unclassified Information (CUI), and other related assets being held by Department of Defense (DoD) contractors. This is to ensure that sensitive federal information remains confidential when stored in non-federal information systems and organizations.
In November 2013, DoD published Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 which requires the safeguarding of Controlled Unclassified Information (CUI) that resides or transits on contractor and vendor information systems, as well as the reporting of all cyber incidents (i.e. data breaches) on said systems within 72 hours of occurrence.
Examples of Defense information qualifying as CUI include:
- Research and engineering data
- Engineering drawings and associated lists
- Process sheets
- Technical reports
- Technical orders
- Catalog-item identifications
- Data sets
- Studies and analyses and related information
- Computer software executable code
- Source code
The DoD rule mandates that companies implement information security standards and guidelines as laid out by the National Institute of Standards and Technology in Special Publication 800-171 (NIST SP 800-171). NIST SP 800-171 comprises 110 separate security requirements relating to securing your CUI, and ALL federal contractors and their supply chains must adapt or face losing contract opportunities.
The Compliance Challenge
Developing, implementing, and executing a NIST compliance plan goes far beyond a standard piece of hardware, hastily written policies, or basic IT implementation services. This can be extremely complex and costly for smaller workforces with limited IT capabilities and budgets.
If a company outsources IT, they are responsible for the NIST compliance of their IT firm.
Does your security system provide active Network Intrusion Detection and Prevention?
If you have a breach, would you be able to provide comprehensive logs of your audit and reporting processes for the previous 90 days?
Can you scan for vulnerabilities in your information system and applications – both periodically and when new vulnerabilities are identified?
Can you collect detailed information about a hacker's intention, and then present it logically through playback logs, visualizations, and geographic location?
Answering NO to any of these questions could mean your business is at risk of losing current and future federal contracts.
Under these new rules, ALL contractors and their supply chain (regardless of size or resources) MUST safeguard this Controlled Unclassified Information (CUI) in accordance with cybersecurity standards prescribed by the government.
NIST SP 800-171 comprises 110 separate security requirements from 14 control families. The NeQter Labs team has mapped these into specific actions to put you on the path to compliance.
- Awareness & Training
- Audit & Accountability
- Identification & Authentication
- System & Communication Protection
- System & Information Integrity
The NeQter Labs Solution
NeQter Labs knows the cybersecurity and compliance challenges that those in the defense sector face. Our team has decoded the NIST SP 800-171 requirements and mapped them to specific actions across three main areas:
- Auditing & Accountability
- Policies & Procedures
- Implementations/Best Practices
The NeQter Labs Cybersecurity Suite combines dedicated hardware, custom software, and knowledgeable support services for a cost-effective, manageable compliance solution, freeing you to focus on business.
Its modular platform offers the network security framework necessary to put your company’s information technology and cybersecurity plan in complete alignment with the Defense Department’s information security objective.
This means not only reduced risk of cyber incidents but also an ability to audit network activity if incidents do occur.