Why NIST Is Good for Your Business
You’ve heard of NIST – the National Institute of Standards and Technology – but you may not be aware of a few crucial details:
- What is NIST?
- What does NIST “cover”?
- Why is NIST important for my operations?
What Is NIST?
NIST is the U.S. Department of Commerce agency responsible for oversight of technology standards. Since 1901, NIST has driven standards that reinforce a strong competitive position for the United States against foreign rivals, covering innovation and modern fields including cybersecurity.
Reports of security breaches and data leaks seem to be constantly in the news, and cybersecurity has become a pressing issue for businesses worldwide. You need multiple layers of cybersecurity to protect your data and your brand, but what do you protect, how do you protect it, and where do you start?
What Is NIST 800-171?
Since NIST was established, the agency has evolved and often releases special publications on specific topics, as it did with NIST 800-171 in 2015. This special publication addresses cybersecurity as it relates to controlled unclassified information (CUI) and focuses on how best to protect this data.
Controlled unclassified information is any data that is considered sensitive enough to warrant additional security since it pertains to the interests of the United States, but that does not need to be treated as classified.
What Should You Know About NIST 800-171?
Working with CUI is a delicate dance, with all partners tacitly agreeing to follow the same protocols and meet the same regulatory requirements. Because CUI isn’t classified, it isn’t expected to be protected beyond reasonable means. If you store, access, or share CUI, you agree to the minimum security measures outlined in NIST 800-171; failing to meet them can mean fines – or worse.
The NIST 800-171 publication outlines best practices and guidelines for improving cyber security, describing the steps you need to take to protect your CUI from unauthorized access and to control how CUI is stored, accessed, and shared.
These guidelines are grouped into key areas of technology:
- Information management and cyber security protocols
- Processes for monitoring IT systems and networks
- Control procedures for anyone accessing and/or using the data
- Physical and technological security measures
What becomes clear from this list is that these protections not only safeguard CUI but also strengthen cyber security across your entire IT ecosystem.
How Can You Become NIST 800-171 Compliant?
You first need to determine which of the data your business works with is considered CUI, and identify every location where that CUI is stored or accessed. From this point, you’ll:
- Categorize your data and separate CUI
- Encrypt CUI
- Track and log all access to CUI
- Define clear policies and training procedures for all matters relating to storage, access, and sharing of CUI
The last step is probably the most critical of all: clear policies and training are the best way to ensure processes are clearly laid out, and they also support enforcement of your processes and protocols. With these steps in place, you’ll be well on your way toward NIST 800-171 compliance.