The National Institute of Standards and Technology (NIST) is a federal laboratory within the U.S. Department of Commerce that works to refine and more precisely define measurements, metrics, technologies, and standards. From two hubs in Gaithersburg, MD, and Boulder, CO, NIST employs over 3,400 scientists, engineers, and technicians to work alongside thousands of associates from industry and academia to research, test, and recommend improvements to measurements and technologies. Until 1988, NIST was named the National Bureau of Standards.
From nanomaterials to global satellite communication networks, NIST is not confined to a single industry. It works with commercial partners and other federal agencies to drive innovation, enable technological cohesion, facilitate integration, and spur competitiveness. This, in turn, advances industries overall and makes the United States more economically secure.
As it applies to information systems and cloud computing, NIST sets guidelines and security standards that keep data safe, so that organizations may be in full compliance with the Federal Information Security Management Act (FISMA). For example, NIST publishes the NIST Cybersecurity Framework to delineate effective, repeatable processes that guard against data breaches. These standards create a benchmark for cybersecurity across government and commercial enterprises, enabling the most protection at the most efficient investment.
The purpose of NIST Special Publication 800-171, titled Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, is to provide a recommended baseline for protection of Controlled Unclassified Information (CUI) resident in government contractor-owned systems and networks. The requirements apply to all components of government contractor systems that process, store, and/or transmit CUI, or that provide protection for such components. These security requirements are intended for use by federal agencies in contracts as part of doing business with government agencies.
How does NIST 800-171 impact my organization?
If you’re a government contractor, you’ll recognize the importance of NIST 800-171 compliance. Policies set forth by the Office of Management and Budget require agencies to comply with NIST guidance (with a few exceptions for national security programs and systems, which have an independent framework). Failure to comply could negatively impact your contract award, operations, finances, and reputation.
Protecting information and information systems is critical, as the U.S. government makes a tempting target for hackers and hostile foreign nations. As such, data stored or shared with the government is subject to the highest security standards. NIST 800-181 guidance helps keep this information safe by introducing basic level of protecting networks from malware, ransomware, cyberattacks, and internal or external threats.
For Federal agencies and their supporting contractors, NIST 800-171 compliance isn’t just a recommendation – it’s both a roadmap and a mandate to adhere to benchmark security controls for government contractor-owned information systems. Not sure if your organization is NIST 800-171 security compliant? Speak with one of our NIST compliance specialists to see how our managed government information assurance services can help you protect your data and advance your mission.