Skip to main content

NIST 800-171: Definition And Compliance Advice

Do you deal with the federal government, or does a firm you work for? The National Institute of Standards and Technology (NIST) contains some crucial information about your personal data.

NIST 800-171, also known as NIST SP 800-171, became fully operational on December 31, 2017: even if you are not subject to NIST 800-171 compliance, the core competencies are still effective data security principles.

 


 


What does NIST 800-171 stand for?

NIST is a non-regulatory Federal body tasked with developing standards for federal agencies on a variety of areas, including cybersecurity. NIST 800-171, a companion document to NIST 800-53, lays out how Federal agencies' contractors and subcontractors should handle Controlled Unclassified Information (CUI) — it's tailored to non-federal information systems and organisations.

NIST SP 800-171 originated as Executive Order 13556, signed by President Obama in 2010, instructing all Federal agencies to protect their CUI and establishing a single strategy for data exchange and openness for all agencies.

NIST and the Federal government began to focus more on cybersecurity after a few data breaches in Federal agencies — USPS, NOAA, and OPM – in 2014. Congress approved FISMA in 2014, and NIST followed up with NIST 800-53, and subsequently, NIST 800-171.


What does NIST 800-171 stand for?

NIST 800-171 codifies how federal agencies define CUI, or confidential and sensitive information that is not classified under federal law. We're not talking about a list of BlackOps working in enemy territory - that's governed by separate regulations – but rather data protected by SOX or HIPAA, for example. Each agency is responsible for informing the National Archives and Records Administration, which is in charge of enforcing EO 13556, on the types of data that are CUI.

Controls outlined in NIST SP 800-171 apply to federal government contractors and subcontractors. This policy must be followed if you or another firm you deal with has a contract with a government agency. Federal agencies may add special requirements in their contracts; but, if your contract does not include those stipulations, NIST 800-171 will still apply to your agreements.


NIST 800-171 Advantages

The following are some of the advantages of applying the NIST 800-171 controls:

Management of risks
Data breaches are less likely.
Insider threats are less likely to occur.
Data access policies and best practices
A universal risk management framework and approach
Protecting sensitive data using a scalable security strategy


To know more about CMMC certification, visit Linqsgroup.com.

Labels:
Location: 1511 E State Rd 434 Suite 2001, Winter Springs, FL 32708, USA

Comments

Post a Comment

Popular posts from this blog

All You Need To Know About ITAR Certification

What exactly is ITAR? The US government's International Traffic in Arms Regulations is a collection of rules. To maintain security, it regulates the manufacturing, sale, and distribution of defense and military-related items, services, and technology included on the United States Munitions List (USML). It's rather hefty! It appears to be connected to missiles and nuclear weapons, but there is more to it.   The bulk of categories in the USML are actually defense things, such as rifles, guns, explosives, and tanks. But it isn't all. As you scroll down the list, you'll see that the categories begin to merge with commercial things such as electronics, chemicals, and satellites. The USML also controls the blueprints, schematics, pictures, and other material required to produce ITAR-controlled military gear, in addition to military hardware. ITAR refers to this information as "technical data." Physical items are easy to restrict; restricting access to digital data i...
Post a Comment
Read more

Why ITAR Compliance Should Not Be Ignored?

The International Traffic in Arms and Regulations, or ITAR, is a legislation that regulates exports. It's a Guideline, not a certification standard, as many people believe.   If an exporter is in the business of dealing with Defense Articles, Services, or Technical Data, the rules require them to become fully ITAR compliant. Noncompliance with these restrictions would result in civil or criminal fines, the most severe of which would be 20 years of confinement. If that wasn't enough, a damaged reputation for the rest of one's life would certainly draw attention to the case.     How To Comply With ITAR Regulations?   Most significantly, ITAR compliance is required in any and all circumstances. You need competent counsel, regardless of what has been said on the internet or comments made by so-called experts. The ITAR certification regulates and controls the export and import of defense-related goods and services included on the US Munitions List (USML). It is a set of ...
Post a Comment
Read more

HOW CAN ISO 27001 TRAINING HELP YOU EXPAND YOUR VENTURE

Wondering how to keep your personal data safe on your device? In a world, where every other day we hear or read news on personal data being leaked, it is better to be aware of ways to protect it. If you want to know more on compliances to follow for data privacy, you are at the right spot.     According to the personal data privacy mandate, every venture, whether big or small, is eligible for Iso 27001 Training . This training encompasses the important ways to access all kinds of data related risks. Once you know about the threats, you would be able to curb them with the right tools. This training is extremely crucial for any business venture as it points out the potential risks involved in maintaining personal data. Once trained, you would be accountable for your own data. With the right kind of guidance, you would also be able to reduce the risks. The policies address all kinds of risks that could affect your data stored on the web. Miscreants are always on the lookout for o...
Post a Comment
Read more