What is NIST 800-171?

NIST 800-171 is a set of guidelines for protecting the privacy of controlled unclassified information (CUI). CUI is defined as a wide range of data. The data itself is not classified; rather, it is deemed sensitive by the government.

NIST 800-171 is a framework that provides a standardized approach to handling government data, so that non-federal entities can take on part of the federal work.

Why is NIST 800-171 Necessary?

As a non-federal organization working with a federal agency, if at any point you read, write, or execute CUI, you are expected to adopt the NIST 800-171 framework.

If a non-federal organization fails to meet the appropriate requirements, it may not be able to work with federal agencies. Further, compliance failure could potentially end its contracts with the United States Government.

An important note: If an organization hires subcontractors, the parent organization is expected to ensure that those subcontractors meet NIST 800-171 compliance.  

Components of Protection:

The NIST 800-171 requirements are organized into 14 families:

  • Access Control 
  • Awareness and Training 
  • Audit and Accountability 
  • Configuration Management 
  • Identification and Authentication 
  • Incident Response 
  • Maintenance 
  • Media Protection 
  • Personnel Security 
  • Physical Protection 
  • Risk Assessment 
  • Security Assessment 
  • System and Communications Protection 
  • System and Information Integrity 

We are here to help!

Are you wondering about your organization’s data risks and in need of a current NIST 800-171 security risk analysis? Contact Affinitas Tech by email: info@affinitastech.com, or by phone: 434-218-3599