Tech

What is the process for obtaining NIST 800-171 certification?

If you’re doing business (or getting to do business) with the federal, you would like NIST 800-171 certification. This code applies to anyone who processes, stores, or transmits controlled unclassified information (CUI). Certifying that you simply are NIST 800-171 compliant guarantees the security and security of the info from cybercriminals.Suppose you’re getting to submit an invitation for proposal (RFP) to the Department of Defense (DoD) or General Services Administration (GSA). therein case, the contract you sign when submitting your RFP confirms that your company is NIST 800-171 compliant. Read on to seek out out more about NIST 800-171 certification and why it’s so important.

What Is NIST 800-171?

NIST stands for the National Institute of Standards and Technology. NIST created the code 800-171 to make sure that companies doing business with the state or federal protect the CUI and other data stored on computers that aren’t persisted government property. Both contractors and sub-contractors got to abide by the safety measures requested by this NIST 800-171 standard.

NIST 800-171 Checklist

You may be wondering where you start to make sure that you simply are NIST 800-171 compliant. Here may be a NIST 800-171 checklist with factors that you simply will get to consider when getting started:

  • Access Control: Who should have access? Who does have access?
  • Awareness and training: Do all staff members have the skills to handle CUI?
  • Audit and accountability: Who’s regularly accessing the CUI, and are you logging unauthorized access?
  • Configuration management: Are you securing configurations and managing changes by following Risk Management Framework (RMF) guidelines? does one have a baseline by which to regulate system changes?
  • Identification and authentication: does one manage and verify all users and devices on your network?
  • Incident response: what is the plan if there is a breach of your data?
  • Maintenance: How are you maintaining your configurations and adjusting to changes?
  • Media protection: How are you keeping physical and digital media secure?
  • Physical protection: How are you protecting against physical damage to hardware and software, including backups and external drives?
  • Personnel security: have you ever accounted for threats that will originate internally, like those from disgruntled personnel?
  • Risk assessment: have you ever assessed potentially vulnerable systems?
  • Security assessment: What method does one use to verify that your security measures are active and up-to-date?
  • System and communication protection: does one identify and encrypt communications that flow across your networks and systems?
  • System and knowledge integrity: does one have processes in situ to affect vulnerabilities once identified?

How does one Get NIST 800-171 Certification?

 The Cyber security services team can work with you to form sure you cover your bases and are in total compliance with NIST SP 800-171 certification so you’ll still work with state and federal agencies without interruption.

Leave a Reply