The Key Elements of Great Computers
Uncategorized
Preparing for NIST Special Publication 800-171Compliance
Recently, a major requirement has been set up by the Department of Defense with respect to service providers, contractors and subcontractors, who have been outsourced by the US federal government on a wide range of projects and business activities that make use heavily on the government’s information system and due to the sensitivity of the information that has been accessed to their end, the Defense Department insists that they have prepared protective and preventive measures on cyber security and in relation to this, it has been mandated by the Defense Department to require all operators to be NIST Special Publication 800-171compliant on or before December 31, 2017.
Creating and requiring the NIST Special Publication 800-171, which is a general framework of procedures to protect government information, particularly called Controlled Unclassified Information (CUI), vital information that are accessible to service operators and are basically used in the federal government’s day-to-day operations, and, thus, the Defense Department aims to achieve total cyber security protection and compliance from these outsourced providers. Because outsourced service providers are given tasks that carry sensitive information by the federal government some of these are the following: processing, storing and transmitting of data information that involves the following services – financial, healthcare, cloud services, Web and electronic mail, security clearances with prior background investigations and even as serious an information as communications satellite and weapons system, it is important that they comply to the NIST Special Publication 800-171 requirement set up by the Defense Department.
You lose your government contract if you do not comply with this requirement and this is why hired service operators are either hiring the services of expert contractors who have knowledge on NIST Special Publication 800-171 or they can do it on their own by following these recommendations: perform a gap analysis and establish an incident response plan.
When you, as a government contractor, have to comply on your own on the NIST Special Publication 800-171 requirement, the first important step is to conduct a security analysis through all your control systems and compare the analysis results to the policies of the NIST Special Publication 800-171and determine which areas need to be worked on so they can be compliant, which requires discussing this with your staff, investigating on your company’s network maps and configurations especially related into the treatment process of Controlled Unclassified Information. It is important that you have a thorough gap analysis and report of the overall investigation of your system so that changes can be introduced such as a two factor authentication to make sure that there are no shared passwords and that an incident response plan will also be required which is providing solutions in situations when there is a cyber intrusion or when there is an insider investigation.