Does your organization deal with the federal government? If so, the National Institute of Standards and Technology has this important message for you.
In today’s highly regulated business world, you’re probably already familiar with a couple of regulatory standards. And this is especially true if your organization is under contract with a Federal agency.
With years of experience in delivering reliable IT services, Outsource IT Solutions realizes the significance of your data record handling practices to maintaining the trust of vendors, partners, contractors, and clients.
NIST 800-171, also known as NIST SP 800-171, is a vital security standard even if your business isn’t a federal contractor or subcontractor. Interested in learning everything you need to know about this important standard? Let’s start with some key definitions.
Before we start discussing NIST 800-171, we first need to define what Controlled Unclassified Information (CUI) means. In a nutshell, CUI is data that isn’t classified under federal law but is still considered sensitive and of interest to the United States. This doesn’t include a list of special ops currently operating behind enemy lines. Instead, it mostly includes data covered by SOX or HIPAA, for example.
Every agency is responsible for communicating to the National Archives and Records Administration (the executive agent in charge of developing and enforcing standards for unclassified data) exactly what information it considers CUI. Not only does each agency need to create a public registry of the data types that comprise CUI, but it also has to outline clear reasons.
The “financial” category, for instance, includes subcategories involving the roles of financial institutions and United States fiscal functions, such as:
What Is NIST 800-171?
In full, NIST 800-171 is the National Institute of Standards and Technology Special Publication 800-171 and governs CUI in non-federal information systems and organizations. NIST 800-171 is designed to safeguard and distribute data that is still considered sensitive despite not being classified.
Following several data breaches, the government passed FISMA to bolster cybersecurity regulations. Soon afterward, NIST followed with NIST 800-53 and finally NIST 800-171.
Do You Need to Comply With NIST 800-171?
In simple terms, if your business processes, transmits, or stores CUI for a state or federal agency, then you need to comply with the NIST 800-171 standards. However, achieving NIST 800-171 compliance can be a tedious, painstaking process and take roughly 6-8 months.
In case you aren’t absolutely sure if you need to worry about NIST 800-171 standards, here’s a list of organizations that need to achieve compliance:
Our experienced IT professionals at Outsource IT Solutions are here to help you achieve NIST 800-171 compliance.
Contact us now to get started!