
Stronghold Cyber Security is a veteran-owned cyber security company serving businesses in Central Pennsylvania and Northern Maryland, offering advanced cyber risk management services.

NIST 800 Compliance

What you need to know about NIST 800 compliance – Who does NIST 800-171 apply to? Does it apply to your company?

There are endless pages on the Internet trying to explain who is impacted by this. Here is the BLUF (Bottom Line Up Front): if, for business purposes, you hold electronic copies of ANY data that is the property of, or will become the property of, the U.S. federal government, and copies of this data are not expressly identified as public, then NIST 800-171 applies to you. This includes proposals. If copies of the federal government data you are holding cannot be readily found on a government website, then it is almost certainly CUI (Controlled Unclassified Information) and must be protected in accordance with NIST 800-171.

What is NIST 800-171?

NIST 800 is a cyber security framework with 14 basic high-level cyber security requirements (look at chapter three). Most companies starting from scratch will need 6-8 months to become compliant. The standard can be viewed in its entirety here:

http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf

When does this happen?

Every federal government contractor or subcontractor is expected to comply with NIST 800-171 by December 31st, 2017. As of this writing, that is about 13 weeks away. If you have not started on your compliance efforts, do not wait any longer. One caveat here: it is understood that not every business will be able to fully comply with all 14 sections of NIST by the end of this year. In that event, you need to write a POA&M (Plan of Action and Milestones) showing a progressive plan to become compliant.

Why is this necessary?

From a security standpoint, computer networks fall into two categories:

  1. Those that have been breached already.
  2. Those that will get breached in the future.

Not only is becoming NIST 800-171 compliant mandated by law, but doing so will also go a long way toward reducing your business risks. The NIST standards are very highly regarded in the cyber security community.

Stronghold Cyber Security can help you become NIST compliant. If you’d like to download a FREE NIST 800-171 compliance checklist, please fill in the form below or use the one located on our NIST compliance information page.