For companies looking to contract with the United States Department of Defense (DoD), it’s imperative to make sure your cyberdefenses are up to par. A big part of that is implementing the controls from Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (SP 800-171), published by the National Institute of Standards and Technology (NIST). And understanding the NIST 800-171 controls is the first step toward compliance.
Category: NIST 800-171 / DFARS
Stay informed on NIST 800-171 compliance. Access expert guides, requirements, and updates to help your organization protect CUI and meet federal security standards.

What is the NIST SP 800-171 Revision 2?
The protection of controlled unclassified information (CUI) in non-federal systems and organizations is as important as the security of federal government data and information. This is because a threat to CUI in non-federal systems could disrupt the proper running of federal government business. NIST SP 800-171 Revision 1, also called NIST SP 800-171 Rev. 1, was created to tackle this issue. To further strengthen the confidentiality of CUI, NIST SP 800-171 Revision 2, a revision of NIST 800-171 Rev. 1, was published in February 2020.

Overview of NIST 800-171 Revision 1
The National Institute of Standards and Technology (NIST) published its first draft of Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, back in December of 2016. It’s undergone several revisions since then, with the final version of NIST 800-171 Revision 1 published in 2018 (and Rev 2 in 2020).

NIST 800-171 Implementation Guide for Small-Medium Sized Businesses
Any business owner who wants to work with the Department of Defense (DoD) has to ensure their organization is secured against cybercrime. While even large firms can have trouble keeping up with safety rules and regulations, it’s uniquely burdensome for smaller companies with modest IT budgets. That’s why we’ve put together this dedicated NIST CSF and NIST 800-171 implementation guide targeted specifically at small to medium businesses.

What Is The NIST Small Business Cybersecurity Act?
Responding to new cybersecurity attacks and breaches, the National Institute of Standards and Technology (NIST) passed the NIST Small Business Cybersecurity Act in 2018. What the act means for small businesses is that NIST is required to provide support to small and medium-sized companies in their efforts to prevent cybersecurity breaches and attacks.

7 Steps to Implementing a Zero Trust Architecture
Nowadays, all kinds of companies are expanding their horizons and pushing their boundaries beyond what can be done in a physical office space. Even before the COVID-19 pandemic and its effects on businesses across the world, mobility and flexibility have been strategic priorities. Now, our new normal has made most businesses at least partially remote.

Top Tech for Your Zero Trust Cybersecurity Architecture
“Do not trust anyone!” is the catchphrase that best describes zero trust, a security concept encouraging organizations to automatically distrust all network activity. As this security concept gains traction, many security providers are flooding the market with solutions. In this article, we will unpack the top technologies for a zero trust cybersecurity architecture.

NERC vs. NIST: Choosing the Right Infrastructure Cybersecurity Framework
Cybersecurity implementation can be a long and complicated process if your organization hasn’t been built with security as a part of its design. This is why different committees, interest groups, governments, and cybersecurity professionals come together to develop robust cybersecurity frameworks and regulations.
Depending on the industry that your organization is part of, these frameworks and regulations may be known to you as CIS CSC, NIST, ENISA, ISO 27001, etc. With so many frameworks, it is hard to know which is best suited to your organization’s needs. Although all frameworks have their merit, some pertain to either specific industries or requirements.

Implementing a Zero Trust Network Security Strategy
There’s been a paradigm shift over the past decade and a half in the world of cybersecurity. Whereas older models and systems prioritized perimeter defense, the definition of “perimeter” itself has changed over time. Today, businesses are increasingly mobile and remote, utilizing cloud servers to extend the workforce far outside the office or headquarters.
These changes are all the more necessary in our current environment of pandemic response. Our mandated practices of social distancing and work from home (WFH) have created an environment in which every company is rethinking its perimeters in real time. These challenging times call for new practices, and the zero trust framework is the future of cybersecurity.

How Zero Trust Architecture Helps Secure the Cloud
Cloud technology has revolutionized the way businesses operate all across the world. Cloud servers enable any company to leverage others’ computing capabilities to mobilize their own workforces, enabling greater flexibility in all business operations. Whether it’s enabling the storage of sensitive data or work from home, the cloud is key to all businesses’ future.
