Need NIST 800-171 Compliance? We Can Help!
What Is Considered CUI?
Controlled Unclassified Information (CUI) is information that is important to the United States of America but is not necessarily controlled or monitored by the government. This information needs controls that describe its required safekeeping. This information needs to be "consistent with the applicable law, regulations and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act." Every agency is required to define CUI categories and subcategories, explain why they are CUI, and make them available to the public.
Benefits of Being NIST 800-171 Compliant
There are several benefits to becoming NIST 800-171 compliant. First and foremost, compliance is required, so being compliant allows your company to continue working with the DoD and other government agencies. It will also result in winning new Federal contracts. Being compliant means that your own company is secure, which means less risk of being breached. This is an overall win-win situation.
Becoming NIST 800-171 Compliant
Vendors had to become NIST compliant by December 31, 2017. Any vendor that wishes to deal with Controlled Unclassified Information, i.e. stores, transmits, and/or processes this information, must become compliant. Not being compliant can result in loss of contracts or loss of reputation for your company. The controls set out in 800-171 are security controls that verify your company's reliability and safety. NIST 800-171 has 14 sections, which contain the 110 controls. These 14 sections are listed below:
Access Control
This looks into which employees are able to view key information
Awareness & Training
This verifies if the employees who do have access are trained to handle the information
Audit & Accountability
This verifies who does and does not have access
Configuration Management
This shows how the safety procedures are built and implemented
Identification & Authentication
This will show CUI verification of employees
Incident Response
This will outline what to do in case of attack or breach
Maintenance
This shows when maintenance will be occurring
Media Protection
This shows how electronics and media forms are stored safely and securely
Physical Protection
This lists who has access to physical types of storage
Personnel Security
This will explain the prior procedures for processing who is allowed to view CUI
Risk Assessment
This will show the risks of the controls or the people viewing them
Security Assessment
This provides information on how effective the safety is and shows if more or less is needed
System & Communication Protection
This verifies that CUI is monitored with very close care at both internal and external areas
System & Information Integrity
This shows how fast any threats or attacks are detected and fixed