Are you Worried about NIST Compliance?
The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations is designed specifically to protect unclassified information outside the government.
With the amended DFARS 252.204.7008 (Compliance Safeguarding and Covered Defense Information Controls, and DFARS 252.204.7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) requirements, Department of Defense contractors will have until December 31, 2017 to fully Implement NIST 800-171 controls on covered contractor information systems. It’s not too late to act! Get your SSP in place ASAP.
What is CUI and does it apply to my organization?
Controlled Unclassified Information (CUI), and the CUI Registry is maintained by the National Archives. The CUI Registry is maintained by the National Archives. The CUI Registry is the government-wide online repository for Federal-level guidance regarding CUI policy and practice. To See if you handle CUI visit the Archives Registry page found here.
The language used within the requirement states that any Federal Contractor or Sub-Contractor that contracts with the Department of Defense (DoD) needs to be NIST 800-171 Compliant. Knowing the type of CUI you handle is great, but it’s only the first step towards compliance.
Is your organization ready?
The mandate itself provides guidance and defines 14 categories of security requirement for CUI:
Don’t be scared!The security controls above sound technical, right? Not necessarily. NIST 800-171, and a vast majority of the above-mentioned security requirements are process and document related. The requirement wants to make sure that your organization has the proper processes in place, many of which don’t need a technical solution in order to be considered compliant.
Let ISMS Help!ISMS Solutions, in partnership with NSF International, can provide your organization with all the necessary tools to assess, update, and meet the requirement. We’ve broken down the process into two steps: