The US National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidelines to help protect federal agencies’ information and information systems. The government endorses these standards, and companies follow NIST compliance standards because they encompass security best practices controls across a range of industries – an example of a widely adopted NIST standard is the NIST Cybersecurity Framework.NIST standards are based on best practices from several security documents, organizations, and publications, and are designed as a framework for federal agencies and programs requiring stringent security measures.
In response to Executive Order 13556 on managing controlled unclassified information (CUI), it published NIST 800–171; Protecting Controlled Unclassified Information In Nonfederal Information Systems and Organizations. CUI is defined as information — both digital and physical — created by a government (or an entity on its behalf) that, while not classified, is still sensitive and requires protection.
NIST 800–171 was initially published in June 2015 and has been updated several times since then in response to evolving cyberthreats. It provides guidelines on how CUI should be securely accessed, transmitted, and stored in nonfederal information systems and organizations; its requirements fall into four categories:
- Controls and processes for managing and protecting
- Monitoring and management of IT systems
- Clear practices and procedures for end-users
- Implementation of technological and physical security measures
NIST Compliance Benefits
The first benefit of NIST compliance is that it helps to ensure an organization’s infrastructure is secure. NIST also lays the foundational protocol for companies to follow when achieving compliance with specific regulations such as HIPAA or FISMA. It is important to keep in mind, however; that following NIST is not a complete assurance that your data is secure. That is why NIST guidelines begin by telling companies to inventory their cyber assets using a value-based approach, to find their most sensitive data, and prioritize protection efforts around it.
If you have other questions or would like to speak with us about how we can help you, please call us at 336-804-8449 or fill out a form below to be contacted by one of our representatives.