A Brief History of Training

Knowing NIST Special Publication 800-171 and Its Requirements

Recently, the Department of Defense set a major requirement for the service providers, contractors and subcontractors to whom the US federal government has outsourced a wide range of projects and business activities that make heavy use of the government's information systems. Because of the sensitivity of the information these operators can access, the Defense Department insists that they have protective and preventive cyber security measures in place. To that end, it has mandated that all operators be NIST Special Publication 800-171 compliant on or before December 31, 2017.

NIST Special Publication 800-171 is a general framework of procedures to protect government information, specifically Controlled Unclassified Information (CUI): vital information that is accessible to service operators and is used in the federal government's day-to-day operations. With the creation and requirement of this publication, the Defense Department aims to achieve total cyber security protection and compliance from these outsourced providers. These outsourced service providers are hired to perform many routine tasks, such as processing, storing and transmitting federal information in their own information systems and delivering that information to federal agencies (for example, providing credit card and financial services, providing Web and electronic mail services, conducting background investigations for security clearances, processing healthcare, providing cloud services, developing communications satellite and weapons systems). It is therefore of paramount importance that a system be adopted to protect the sensitivity of this work by requiring all outsourced service providers to be compliant with NIST Special Publication 800-171.

You lose your government contract if you do not comply with this requirement. This is why hired service operators either hire expert contractors who have knowledge of NIST Special Publication 800-171 or do it on their own by following these recommendations: perform a gap analysis and establish an incident response plan.

A gap analysis is a security analysis of your system processing. In it, you go over all the control gaps of your network against the policies of NIST Special Publication 800-171 to find out whether your current projects and systems comply and which areas still need to be brought into compliance. Work this out with your staff by helping them investigate the network map and configurations and thoroughly check the compliance checklist, especially with respect to the processing of Controlled Unclassified Information. To meet the NIST Special Publication 800-171 requirement as a government contractor handling sensitive information, you are obliged to analyse the results of the gap analysis so that further changes can be introduced to secure or protect the system from cyber intrusion or an insider investigation. These can be prevented if you have introduced a two-factor authentication process in which there are no shared passwords, along with an incident response plan in case of a cyber attack.
