Cavirin Blog

The NIST SP 800-171 Deadline - We've Got You Covered

The need to have strong security practices in place to protect sensitive government data from outside threats has never been greater.  By December 31, 2017, the Department of Defense will require NIST SP 800-171 compliance for all its contracts that handle controlled unclassified information (CUI) outside of government agencies. 

According to the U.S. National Archives and Records Administration, “CUI is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.” In other words, it’s unclassified sensitive information that the US federal government believes should be protected to assure minimal risk of cyberattacks on America. This includes citizens’ financial, legal, higher education, immigration, tax, and healthcare records, plus organizations’ patent, proprietary business, and SAFETY Act information. You can find the complete list of categories and sub-categories (with descriptions) on the National Archives Web site.

If you are a government supplier or a contractor selling to a government supplier, and you process, store, or transmit CUI, then you are required to be NIST SP 800-171 compliant. Affected industries include higher education, manufacturing, healthcare, financial, high-tech, and state, local, and tribal governments.

The good news is that many of you have already created a security plan, and there are tools available to help assess and manage the 14 key security objectives associated with NIST SP 800-171.

One option is the Cavirin Platform (built for the hybrid cloud), which includes mappings to all security controls contained in NIST SP 800-171. This solution uses a synchronized feed from the NIST National Vulnerability Database to perform a security assessment and determine an organization’s security posture. The feed directly provides the severity and base score for each Common Vulnerabilities and Exposures (CVE) entry. The platform's risk scoring algorithm uses these values to project the risk posture from unpatched vulnerabilities, and the platform provides prescriptive guidance for fixing each failed control. With supporting reports, you will have the documentation required to show compliance. What’s even better is that with Cavirin, most organizations are set up and scanning in under an hour, so you can quickly identify and address deficiencies. Such speed will allow you to meet the end-of-year NIST SP 800-171 deadline and protect your federal government contracts.

NIST SP 800-171 compliance – we've got you covered!

 

Cavirin provides security management across physical, public, and hybrid clouds, supporting AWS, Microsoft Azure, Google Cloud Platform, VMware, KVM, and Docker.