What is NIST 800-171?
NIST, or the National Institute of Standards and Technology, is a federal agency responsible for ensuring the protection of classified information entrusted to private contractors or third-party organizations. According to NIST, its mission is to “promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life”. One way that NIST promotes security is through the creation of frameworks such as NIST 800-171 to ensure the safety and proper handling of critical information.
Below is a brief description of what NIST 800-171 is and what it entails.
A Summary of NIST 800-171
NIST 800-171 was created by NIST to help defense contractors protect “controlled unclassified information” (CUI). CUI includes personal information, intellectual property, and other federally protected information that is entrusted to third-party organizations. The goal of NIST 800-171 is to create a standardized system of protecting CUI across all federal agencies, as a direct response to President Obama’s 2010 executive order mandating stricter protection of CUI. Today NIST 800-171 is still implemented and is included in other regulations, including CMMC.
The NIST 800-171 framework contains 110 controls divided into 14 “control families” listed below:
- Access Control
- Awareness and Training
- Audit and Accountability
- Configuration Management
- Identification and Authentication
- Incident Response
- Maintenance
- Media Protection
- Personnel Security
- Physical Protection
- Risk Assessment
- Security Assessment
- System and Communications Protection
- System and Information Integrity
If you are a third-party contractor working with the federal government, then you will have to comply with NIST 800-171 standards!
CorpInfoTech is ready and willing to help you on your compliance journey. Contact us today to see how you can begin implementing the required NIST 800-171 controls.
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.