By Rob Cote, Security Vitals
There are now fewer than 75 days until the end of the year and the deadline for compliance with the NIST 800-171 cyber security standard. Some companies are actively working to address the requirements but continue to struggle with understanding the many details and process implications.
NIST 800-171 is a Cyber Security mandate affecting manufacturers that produce parts for aerospace and military applications. With a year-end compliance deadline that can result in cancelled contracts, the most important question is… does this standard apply to your company?
The answer to compliance resides in the answer to some basic qualifying details:
- Do you build parts to a design specification that was directly or indirectly generated by DOD?
- Are the parts/components specific to a military or aerospace application (as opposed to off-the-shelf widespread use)?
- Do you receive and use digital information for design, part number or financial data relating to DOD parts/components?
If the answer to any of the above items is “yes” then your company must comply with NIST 800-171.
There are many ways to achieve compliance, but the most critical factor in the equation is the ability to minimize risk. While this may seem like the obvious answer to a simple question, the reality is much different.
Because NIST 800-171 is focused on controlled unclassified information (CUI), an organization’s ability to limit how, when and where this information is accessed has a huge impact on its ability to effectively reduce risk. Since CUI data largely consists of drawing (math) data, part numbers and financial costing data, moving the data to a separate network simplifies the process of protecting it. This process of isolating CUI data is the foundation for effectively achieving NIST 800-171 compliance:
- Conduct Internal Gap Review to identify CUI
- Establish Secure CUI Environment
- Move CUI to Secured Environment
- Implement Technical Controls
  - Security Monitoring
  - Vulnerability Scanning
  - File Integrity Monitoring
  - 2 Factor Authentication
- Develop Policies and Conduct Awareness Training
- Conduct Security and Risk Assessments
- Develop and publish an Incident Response Plan
Download the 7 Steps Guide: https://securityvitals.com/nist-download-guide-form/
Webinar registration: https://securityvitals.com/nist-800-171-compliance-webinar-registration-2/
Visit securityvitals.com/nistnow/ for all your NIST 800-171 compliance needs.
About Security Vitals: https://securityvitals.com/about-us/