Schedule a Demo
Loading...
NIST SP 800-171 Compliance 2017-08-31T12:01:07+00:00

NIST Compliance

NIST (National Institute of Standards and Technology) SP 800-171 is a major initiative put forth by the federal government to help ensure the safety and security of critical documents, Controlled Unclassified Information (CUI), and other related assets being held by Department of Defense (DoD) contractors. This is to ensure that sensitive federal information remains confidential when stored in non-federal information systems and organizations.

NIST SP 800-171 original documentation

Changing Regulations

In November 2013, DoD published Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 which requires the safeguarding of Controlled Unclassified Information (CUI) that resides or transits on contractor and vendor information systems, as well as the reporting of all cyber incidents (i.e. data breaches) on said systems within 72 hours of occurrence.

Examples of Defense information qualifying as CUI include:

  • Research and engineering data
  • Engineering drawings and associated lists
  • Specifications
  • Standards
  • Process sheets
  • Manuals
  • Technical reports
  • Technical orders
  • Catalog-item identifications
  • Data sets
  • Studies and analyses and related information
  • Computer software executable code
  • Source code

The DoD rule mandates that companies implement information security standards and guidelines as laid out by the National Institute of Standards and Technology in Special Publication 800-171 (NIST SP 800-171). NIST SP 800-171 comprises 110 separate security requirements relating to securing your CUI, and ALL federal contractors and their supply chains must adapt or face losing contract opportunities.

The Compliance Challenge

Developing, implementing, and executing a NIST compliance plan goes far beyond a standard piece of hardware, hastily written policies, or basic IT implementation services. This can be extremely complex and costly for smaller workforces with limited IT capabilities and budgets.

If a company outsources IT, they are responsible for the NIST compliance of their IT firm.

  • Does your security system provide active Network Intrusion Detection and Prevention?

  • If you have a breach, would you be able to provide comprehensive logs of your audit and reporting processes for the previous 90 days?

  • Can you scan for vulnerabilities in your information system and applications – both periodically and when new vulnerabilities are identified?

  • Can you collect detailed information towards a hacker’s intention? And then logically present it through playback logs, visualizations, and geographic location?

Answering NO to any of these questions could mean your business is at risk for losing current and future federal contracts.

National Institute of Standards and Technology NIST compliance

Under these new rules, ALL contractors and their supply chain (regardless of size or resources) MUST safeguard this Controlled Unclassified Information (CUI) in accordance with cybersecurity standards prescribed by the government.

NIST SP 800-171 is comprised of 110 separate security requirements from 14 control families. The NeQter Labs team has mapped these into specific actions to put you on the path to compliance

  • Awareness & Training

  • Incident Response

  • Audit & Accountability

  • Access Control

  • Media Protection

  • Maintenance

  • Security Assessment

  • Personnel Security

  • Physical Protection

  • Risk Assessment

  • Configuration Management

  • Identification & Authentication

  • System & Communication Protection

  • System & Information Integrity

The NeQter Labs Solution

NeQter Labs knows the cybersecurity and compliance challenges that those in the defense sector face. Our team has decoded the NIST SP 800-171 requirements and mapped them to specific actions across three main areas:

  • Auditing & Accountability

  • Policies & Procedures

  • implementations/Best Practices

The NeQter Labs Cybersecurity Suite combines dedicated hardware, custom software, and knowledgeable support services for a cost-effective, manageable compliance solution freeing you to focus on business.

Its modular platform offers the network security framework necessary to put your company’s information technology and cybersecurity plan in complete alignment with the Defense Department’s information security objective.

This means not only reduced risk of cyber incidents but also an ability to audit network activity if incidents do occur.

While the final deadline for full compliance is December 31, 2017, contractors are expected to implement all security requirements as soon as possible. In the interim, contractors have 30 days to notify the DoD Chief Information Officer of all requirements not implemented in their supply chain at the time of contract award.

Starting on the path to compliance with NeQter Labs today can ensure that your company is properly securing Controlled Unclassified Information (CUI) ahead of the Defense Department’s deadline, preserving bidding rights and maintaining existing contracts.

..... ..... .....
..... ..... .....
...... ......