A disaster recovery plan is essential for securing your IT systems and protecting yourself against threats. In fact, 80% of businesses that don’t have a disaster recovery plan will go out of business within a year of a serious issue.Continue reading
If you work for a company with government contracts, you’re well aware of how important security and compliance is, especially when it comes to how data is handled. While you might not be working with officially classified information as a non-federal contractor, you’re still handling potentially sensitive materials.
The primary standard governing the handling and accessing of non-classified information is NIST 800-171. NIST 800-171 (also referred to as NIST SP 800-171 or simply 800-171) is a set of security standards for non-federal computer systems, mandating how Controlled Unclassified Information (CUI) is to be handled.
NIST 800-171 was created in response to a lack of consistency across federal departments and their contractors that left openings for exploits and resulted in some major breaches of information. With NIST 800-171, all non-federal contractors have a universal set of standards to follow when it comes to how they handle CUI.
Handling Controlled Unclassified Information (CUI)
CUI is a classification created in 2008 to cover information that is potentially sensitive and relevant to US interests. CUI includes intellectual property, technical drawings, blueprints, legal materials, and more.
Before CUI, agencies used their own internal systems for marking and filing unclassified information, creating confusion and openings for security breaches. CUI helps keep unclassified information better protected and better organized through a filing system of categories and subcategories such as Agriculture, Patent, Law Enforcement, etc.
CUI should not be confused with classified information, which falls under NIST 800-53. Classified information is placed under significantly higher restrictions, can only be accessed with officials holding specific security clearance, and can result in criminal charges when mishandled.
Handling CUI might not be as strict, but it can still be a complicated process achieving NIST 800-171 compliance.
Achieving and Maintaining NIST 800-171 Compliance
If you’re handling CUI in any way, then you are bound to NIST 800-171 standards. If you are working for a federal or state organization, you fall under NIST 800-171. Even if you are working with a third party who in turn, is working with a government agency, you may need to follow NIST 800-171.
It’s always best to be safe rather than be in trouble with the federal government. Failure to protect CUI and follow NIST 800-171 will result in the loss of your current contract, as well as future work. It may incur additional penalties as well.
NIST 800-171 sets standards for user access, authentication procures, activity monitoring, maintenance and updates, physical server access, risk assessment, incident response, and more. Achieving compliance is not as simple as checking a few boxes. It is a process that is on-going. That’s where we can help.
Being located in Dayton, Ohio, DataYard is well-versed in NIST 800-171 compliance. We provide a roadmap experience for our clients, guiding them along the way to meeting all of the necessary standards and helping them maintain them.
From IT consultation to secured hosting to Dayton colocation, our suite of services can be tailored to meet all of the necessary NIST 800-171 standards. Contact us today to learn more and begin your journey towards true compliance.
Need Help Maintaining Compliancy?
TELL US WHAT YOU NEED
HIPPA compliance can be a little intimidating for those who have never dealt with it before. Not only are the rules vast and complex, but failure to follow HIPAA can lead to major fines, lawsuits, and more. Before you dig too deeply into the ins and outs of HIPAA, it makes sense to wonder whether or not HIPAA is a factor for you in the first place.
Though HIPAA stands for the Health Insurance Portability and Accountability Act, it of course extends to more than just health insurance providers.
Anyone working within the health or medical industry at any capacity will encounter some part of HIPAA. This includes physicians, dentists, counselors, and more. Additionally, companies that have vendors, customers, or third-party connections in the health industry may also be required to follow parts of HIPAA.
In today’s digital age, one area where businesses really need to be mindful of HIPAA compliance is regarding their online tools and services.
Do Your Online Services Need to be HIPAA Compliant?
Virtually every business or organization has a website these days. That website is hosted on a physical server somewhere. However, not all servers are the same.
In addition to different speeds, capacities, and software, some servers are HIPAA compliant while others are not. Now, just because you operate within the health industry does not necessarily mean you need HIPAA compliant hosting.
For example, let’s say you’re a dental office with a simple website explaining who you are, what you do, and how you can be reached. In this case, HIPAA compliant hosting isn’t required. However, if you wish to add digital intake forms, or you plan on storing current or potential client’s health information, HIPAA comes into play.
Of course, it’s not just websites that are hosted on servers. Email, online software, cloud storage, and more all fall under HIPAA compliance rules. It’s important to make sure you’re protected.
HIPAA Consultation Makes Compliance Easy
At DataYard, we provide HIPAA compliant hosting solutions and IT services to protect your clients’ information and keep you from facing hefty fines. We realize you might not exactly know what you need when it comes to maintaining HIPAA compliance. That’s why we also offer IT consultation services that we call the Discovery process to make sure you get exactly what’s needed.
Whether you know what you’re looking for, and you’re looking to talk to someone who does, DataYard is here for you.
Need Security Consultation?
TELL US A LITTLE BIT MORE ABOUT YOUR BUSINESS
We’d like to thank you DONet & DataYard mail users alike. We’ve spent the last several months bringing you a whole new revamped Connect Mail experience. These upgrades will not require any of our customers to make any changes to their mail clients.
One of the biggest changes you will notice right away is that we’ve changed our webmail platform. We’ve integrated many of our previously separated services into one single pane of glass. Within the new webmail, you will now be able to set forwarders, auto responders, and even create filters to filter your mail. We feel this new experience will be much more user intuitive and stream lined.
When you login to the new webmail, you should see all of your mail, folders and settings. This includes all of your signatures, identities, contacts and contact groups.
The new settings will have some similar features you should be accustomed to using, but you will also notice some new links. On the left hand side you will notice a mobile sync tab which can be used to now synchronize your webmail/mail calendar to your phone, along with all of your contacts.
You will also notice these three tabs next to your folder structure. These are the new locations for you to forward your mail, setup auto responders, and filter incoming messages. No longer will you need to use your my.donet.com to make these changes.
Let us know if you have any questions, concerns, or just want to chat: 1.800.982.4539 or email@example.com. Remember to follow us on Twitter (@datayardtechops & @datayard)!
DataYard’s technical operations team will be cancelling scheduled maintenance for our MySQL cluster set for August 2nd. No downtime will occur, all services will continue operating as normal.
If you are experiencing an issue with your Outlook 2010 starting in Safe Mode after running Windows Updates on or after 12/8/2015, here are the steps to resolve this problem.
Uninstall the KB3114409 Outlook 2010 update:
- Open Installed Updates by clicking the Start button , clicking Control Panel, clicking Programs, and then, under Programs and Features, clicking View installed updates.
- Select the update KB3114409 to remove, right click, then click Uninstall. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation. (If you have an issue finding it in the list you can use the search in the top right of the screen)
- Restart Computer.
- Open Outlook 2010.
If you are asked if you would like to start in Safe Mode, select NO and delete the shortcut you launched Outlook from and add it back.
Discontinuing Control Panel Access
DataYard systems team will be discontinuing access to two hosting control panels as of 1/31/14.
Everything that has a beginning has an end… and we are sorry to inform you that we will no longer be offering two hosting control panels in https://controlpanel.donet.com:8443/ and https://controlpanel2.donet.com:8443/.
You may be asking yourself “Why this? Why now? How will we survive? Where are my car keys?”
We are doing this to address security concerns and to reduce costs of our legacy shared hosting platforms.
We can’t help with the car keys, but we can help with any of your needs for sites and mailboxes hosted on these platforms.
Please don’t hesitate to call us at 937-226-6896 or emailing firstname.lastname@example.org. We will make sure that what you need done gets done.
How can I connect to my DataYard VPN tunnel?
If you have services provided to you by DataYard that allow you connect via VPN, this walk through will take you through the setup of your VPN client.
We recommend Shewsoft VPN Access Manager, which can be downloaded from their website: https://www.shrew.net/download/vpn.
Once you have downloaded the client, you will first need to import the .pcf or .vpn file provided to you.
You will do this by going to File, Import and then browse your computer for the file.
Once you have the file imported, you should see it in your main screen.
Now just click the file and choose ‘connect’
You should now be prompted for your username and password, this was provided to you by DataYard Staff.
How can I test my Ethernet Express connection to see if it’s up?
Please, do not reboot any managed devices on site. If you think your service is down or degraded, the quickest resolution would be to contact DataYard technical support.
Here are some recommended ways to confirm connectivity to the internet. This information would also be helpful to have ready for our technical support team when calling in:
- Check multiple web sites (like facebook.com and google.com).
If any other sites come up correctly, the site you originally tried may be having trouble.
- Check another workstation/device on the network for the ability to browse.
If they can browse, the trouble may be isolated to your workstation.
- Ping a known public host address (run: ping www.yahoo.com and confirm a “Reply from” response).
If you get a good “Reply from” (shown below), there may be something wrong with browsing (possibly proxy or firewall).
- Ping a known public IP address (run: ping 126.96.36.199 and confirm a “Reply from” response).
If this works (meaning your Ethernet Express connection is working), you may have something wrong with your DNS
- Check your internal switch and/or firewall devices for proper lights (power and traffic).
If those devices look like they have power and are taking traffic, you should contact DataYard support.
How can I manage my Windows Fusion site using Core FTP?
How to install and use coreFTP to manage your Windows Fusion website.
Along with IIS 7 Manager and WebMatrix, Windows Fusion also offers FTP capabilities. Below you will find information on how to connect and manage content with Core FTP.
If you do not already have a copy of Core FTP, it can be downloaded here http://www.coreftp.com/download.html
Once installed, open it up. You should see something like this:
The folders on the left are the folders on your local machine.
Now, click on File followed by Connect.
This will open up the Site Manager window. Click on New Site.
A new, unnamed site should have been added to the list on the left side. You should now name your site and fill in your FTP connection information. Try to avoid naming it “my website” or anything like that to avoid confusion (especially if you manage multiple sites). For this example, my site’s name is ‘windowsfusion.donet.com’ so that’s what I named my site within Core FTP. Here’s what the completed FTP connection looks like:
Another great thing about Windows Fusion is that, if you want to use an encrypted connection, you can! To enable this feature in Core FTP, select “Auth TLS” from the Connection drop-down menu.
After clicking Connect, you will be connected to the web server, and the directories belonging to your user name will appear on the right side of Core FTP (your local desktop will be on the left).
The /php directory is where the PHP configuration (php.ini file) is stored, the /www directory is where you will upload your site content, and the rest of the directories can be ignored unless otherwise instructed.
For additional documentation, FAQs, tutorials, etc., please visit the Core FTP website.
If you have any questions or concerns please contact DataYard support.