The Countdown to NIST 800-171 Compliance Has Begun…

By Jarra Gruen, MDS

Does your company do business with the Department of Defense? Do you want that business to continue after 2017?

If you answered yes to both of these questions, you need to know about Defense Federal Acquisition Regulation Supplement (DFARS) clause 225.204-7012 and its potential impact on your business. 

As of December 2017, the National Institute of Standards and Technology (known as NIST) will be making the requirements of its new NIST 800-171 (Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations) mandatory. This guidance is directed at contractors who have access to controlled unclassified information (CUI) and work with the federal government. It also covers manufacturers, subcontractors, and vendors who supply products and services to federal agencies.


What does this mean for you and your organization? 

In practical terms, the Department of Defense (DoD) is telling its contractor community that if you want to receive information the DoD has determined to be sensitive, you must assure the DoD that your own IT systems can contain that information securely.

Failing to do so after 2017 will preclude you from contracting with DoD.

The good news is that there is still time before the 14 security objectives are put into effect, and MDS is here to give you a crucial heads-up about prepping your organization for NIST 800-171.


A Brief History: Why is NIST 800-171 so Important? 

Non-federal organizations that have access to federal data (including citizens’ higher education, tax, and healthcare records) are a primary target for hackers. This type of information is of high value to malicious users looking either to exfiltrate it directly or to establish a foothold as a jumping-off point to larger federal agency targets.

Although data in transit must be protected per federal encryption requirements, the larger question that comes to mind is: what controls should be in place to also protect the data once it reaches the intended recipient?

That is where NIST 800-171 becomes relevant. This new standard was implemented to help fill the gaps of protecting Controlled Unclassified Information (CUI) on non-federal information systems.


The 14 NIST 800-171 Security Objectives:

NIST 800-171 is chiefly interested in making your organization ready to handle any cyber threats that could compromise your CUI.

There are 14 categories of security requirements that must be met. Each category has a unique set of policy tests that affected programs must meet:

1. Access Control
2. Audit and Accountability
3. Awareness and Training
4. Configuration Management
5. Identification and Authentication
6. Incident Response
7. Maintenance
8. Media Protection
9. Physical Protection
10. Personnel Security
11. Risk Assessment
12. Security Assessment
13. System and Communications Protection
14. System and Information Integrity

NIST 800-171 compliance is a dynamic process…


Your IT systems, as well as government security standards, are always changing. Achieving compliance is only the start; maintaining compliance is an ongoing process.

If you adhere to the objectives outlined in this article and follow them consistently, you’ll be well within the requirements for NIST 800-171 compliance. And although it is a hassle to initially become compliant, your company’s overall security will be improved and streamlined once all 14 regulations are in place.

MDS can help build a comprehensive, compliant NIST 800-171 solution in which sensitive federal data is effectively hidden from the sticky hands of hackers.

There’s Still Time To Comply!

Security and compliance are not synonymous. Learn how to develop a competent security strategy and stay ahead of ever-changing regulations with MDS.
