Proudly serving Virginia, Maryland and DC // Call us today! 703.396.6120
V2 SystemsV2 Systems
NIST SP 800-171 Is Now More Important Than Ever: Are You Following the Framework?

by Erik Briceno

The National Institute of Standards and Technology, more commonly referred to as NIST, puts out extremely important guidelines to follow, and we have covered those guidelines at length in past articles. However, there have been quite a few changes since we last wrote about them. Today, we’re putting out a refresher on the subject for readers who are unfamiliar with NIST compliance, as well as sources for some of the more recent, important updates to NIST standards.

 

What Is NIST?

Officially, the National Institute of Standards and Technology is a non-regulatory government agency that develops technology, metrics and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry. As part of this effort, NIST produces standards and guidelines to help federal agencies meet the requirements of the Federal Information Security Management Act, or FISMA. NIST also assists those agencies in protecting their information and information systems through cost-effective programs.

In a nutshell, NIST guidance provides a set of standards for recommended security controls for information systems at federal agencies. These standards are endorsed by the government, and companies comply with NIST standards because they encompass security best practices controls across a range of industries

 

Why Is NIST Compliance Important?

NIST SP 800-171 Is Now More Important Than Ever: Are You Following the Framework?Organizations of all types are increasingly subject to data theft and loss, whether the asset is customer information, intellectual property or sensitive company files. IT is not security, and security is not IT. Information security is about trying to protect information, while IT is about information sharing. You must have IT, and you need security, otherwise you’re only doing half the job. It’s about finding the balance between the two.

A comprehensive set of standards, methodologies, procedures and processes that align policy, business and technical approaches to address cyber risks is needed to protect both your organization and your customers.

 

What Are the Latest Revisions to NIST Guidelines?

The original version of SP 800-171 appeared in 2015 and provided 110 recommended requirements to ensure the confidentiality of Controlled Unclassified Information, or CUI, residing on the computers of contractors and other organizations that interact with the government. The original document, titled Draft NIST Special Publication (SP) 800-171 Revision 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, now has a new draft companion publication, NIST SP 800-171B, that offers additional recommendations for CUI in situations where that information runs a higher-than-usual risk of exposure. CUI includes a wide variety of information types, from individuals’ names and Social Security numbers to critical defense information.

 

NIST requirements should be applied far beyond the world of government contracting — especially in critical infrastructure systems. By adopting the NIST framework, you are taking an incredibly important step toward securing not only your business, but the privacy and trust of all who do business with you. Call us to ensure your organization is meeting those standards.

 

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!

ebriceno
About ebriceno
Erik Briceño is the owner of V2 Systems, Inc., one of Northern Virginia’s leading Information Technology Managed Service Providers. He is an inspiring leader for its employees and instrumental business partner for its customers. He is passionate about V2’s purpose, dedicated to exceeding expectations and a consummate professional not afraid of jumping in and getting his hands dirty. Prior to joining V2 Systems in 2002, Erik was a co-founder and COO of Ampcast.com, a leading provider of online resources servicing over 5,000 independent musical artists. At Ampcast.com, Erik spearheaded all aspects of corporate development, funding, strategic vision, and business development for the firm. From 1997 to 1999 Erik held the position of Acoustic Systems Engineer for Electric Boat Corporation, a leading defense contractor. In this role, Erik was responsible for the acoustic fidelity of two noise critical systems and components in the US Navy’s nuclear submarine systems. Erik holds a B.S. in Mechanical Engineering from Vanderbilt University and a Masters of Business Administration from George Mason University. When not working, you will find Erik a dedicated family man, raising two young children with his lovely wife Karen. Together, they enjoy building legos, playing baseball, skiing, riding horses, swimming, traveling, and fixing up old Mopars.
NIST SP 800-171 Is Now More Important Than Ever: Are You Following the Framework?
NIST SP 800-171 Is Now More Important Than Ever: Are You Following the Framework?