What Is NIST and What Does It Mean for My Business?
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Department of Commerce that develops measurement and technology standards, including the cybersecurity guidance in its Special Publication (SP) 800 series. NIST itself does not compel businesses to follow its publications; a NIST standard becomes mandatory for a business only when a law, regulation, or contract requires it.
NIST was founded in 1901 to promote U.S. industrial competitiveness, and that mission still includes helping businesses use technology to improve quality of life and protect the U.S. economy and consumers. This is why its publications remain relevant today, even though they are guidance rather than regulations unless a regulator or a contract adopts them.
What Does NIST Mean for My Business?
IT providers often use the acronym NIST as shorthand for NIST's cybersecurity guidance. In this context they usually mean NIST Special Publication 800-171, first published in 2015 and revised since (Revision 2 in 2020, Revision 3 in 2024), which covers controlled unclassified information (CUI). CUI is not simply a fancy word for "data": it is a specific category of government information, defined by Executive Order 13556 and 32 CFR Part 2002 and catalogued in the CUI Registry maintained by the National Archives, that a law, regulation, or government-wide policy requires to be safeguarded. SP 800-171 describes what a nonfederal organization must do to protect CUI that it receives, creates, or handles on the government's behalf.
What is NIST 800-171?
This special publication (full title: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations) focuses on protecting CUI when it resides in a nonfederal organization's systems. CUI is information that is not classified (no "state secrets") but still requires safeguarding or dissemination controls under law, regulation, or government-wide policy, whether it is digital or on paper. The publication lists the security requirements a contractor or other nonfederal organization must meet so that CUI is stored, processed, and transmitted securely.
Does my business need to be compliant with NIST 800-171?
If your business receives, stores, processes, or transmits CUI on behalf of the federal government, the requirements in SP 800-171 apply to you, regardless of industry. In practice the obligation arrives through a contract or regulation: the most common example is the Department of Defense clause DFARS 252.204-7012, which requires contractors that handle covered defense information to implement SP 800-171, and the same requirement flows down to subcontractors. If no contract or regulation imposes it, SP 800-171 remains recommended guidance rather than a legal requirement.
How does NIST 800-171 impact my business?
Complying with these requirements is the baseline a business that handles CUI should aim for, and the contract that obliges you to handle CUI usually also obliges you to demonstrate compliance. The driving factor behind SP 800-171 was the need for one consistent set of safeguards for CUI once it leaves federal systems and enters the environments of contractors and other nonfederal organizations, where previously each agency set its own, often inconsistent, requirements.
How do NIST 800-171 standards protect my data?
SP 800-171 organizes its security requirements into families (14 families and 110 requirements in Revision 2; Revision 3 reorganizes them into 17 families, adding, among others, supply chain risk management). Loosely, those families cover four areas:
- Protocols for data management and security (media protection, system and communications protection, system and information integrity)
- Processes for monitoring and managing IT systems (audit and accountability, configuration management, maintenance, risk assessment, security assessment, incident response)
- Procedures for anyone accessing and/or using the data (access control, identification and authentication, awareness and training, personnel security)
- Physical and technological security measures (physical protection, together with the technical controls above)
Together these families cover just about every angle of how CUI should be safeguarded with regard to access, transmission, and storage.
How do I know if my business is NIST 800-171 compliant?
Start by determining which of the data you handle is CUI (your contract and the CUI Registry define this), then inventory every system and location where it is stored, processed, or transmitted, including backups and copies. Keep CUI separate from your other business data where you can; the smaller the set of systems that touch CUI, the smaller the scope you have to secure and assess.
Next, put the controls from the requirement families into place: limit access to CUI to authorized users and devices, require multifactor authentication for network access and for privileged accounts, and protect CUI in transit and on mobile devices. When you use encryption to protect the confidentiality of CUI, SP 800-171 requires FIPS-validated cryptography, so check the validation status of the products you rely on rather than assuming any encryption will do.
Beyond these steps, log access to CUI and review those logs regularly, train everyone who handles or monitors CUI so the procedures are applied consistently, and write it all down: SP 800-171 expects a system security plan (SSP) describing how each requirement is met and plans of action and milestones (POA&Ms) for any that are not yet met. SP 800-171A supplies the assessment procedures you or an assessor use to check each requirement, and DoD contractors record their self-assessment score in the Supplier Performance Risk System (SPRS).
How Do I Make Sure My Business Is NIST 800-171 Compliant?
If this sounds overwhelming, that's because there is a lot involved in becoming NIST 800-171 compliant. You can read the requirements and take the appropriate steps yourself, or you can work with a team of IT professionals who simplify the process, make the journey as stress-free as possible, and get you to compliance.
Which sounds like the better choice?