If you work for a company with government contracts, you’re well aware of how important security and compliance is, especially when it comes to how data is handled. While you might not be working with officially classified information as a non-federal contractor, you’re still handling potentially sensitive materials.
The primary standard governing the handling and accessing of non-classified information is NIST 800-171. NIST 800-171 (also referred to as NIST SP 800-171 or simply 800-171) is a set of security standards for non-federal computer systems, mandating how Controlled Unclassified Information (CUI) is to be handled.
NIST 800-171 was created in response to a lack of consistency across federal departments and their contractors that left openings for exploits and resulted in some major breaches of information. With NIST 800-171, all non-federal contractors have a universal set of standards to follow when it comes to how they handle CUI.
Handling Controlled Unclassified Information (CUI)
CUI is a classification created in 2008 to cover information that is potentially sensitive and relevant to US interests. CUI includes intellectual property, technical drawings, blueprints, legal materials, and more.
Before CUI, agencies used their own internal systems for marking and filing unclassified information, creating confusion and openings for security breaches. CUI helps keep unclassified information better protected and better organized through a filing system of categories and subcategories such as Agriculture, Patent, Law Enforcement, etc.
CUI should not be confused with classified information, which falls under NIST 800-53. Classified information is placed under significantly higher restrictions, can only be accessed with officials holding specific security clearance, and can result in criminal charges when mishandled.
Handling CUI might not be as strict, but it can still be a complicated process achieving NIST 800-171 compliance.
Achieving and Maintaining NIST 800-171 Compliance
If you’re handling CUI in any way, then you are bound to NIST 800-171 standards. If you are working for a federal or state organization, you fall under NIST 800-171. Even if you are working with a third party who in turn, is working with a government agency, you may need to follow NIST 800-171.
It’s always best to be safe rather than be in trouble with the federal government. Failure to protect CUI and follow NIST 800-171 will result in the loss of your current contract, as well as future work. It may incur additional penalties as well.
NIST 800-171 sets standards for user access, authentication procures, activity monitoring, maintenance and updates, physical server access, risk assessment, incident response, and more. Achieving compliance is not as simple as checking a few boxes. It is a process that is on-going. That’s where we can help.
Being located in Dayton, Ohio, DataYard is well-versed in NIST 800-171 compliance. We provide a roadmap experience for our clients, guiding them along the way to meeting all of the necessary standards and helping them maintain them.
From IT consultation to secured hosting to Dayton colocation, our suite of services can be tailored to meet all of the necessary NIST 800-171 standards. Contact us today to learn more and begin your journey towards true compliance.