Discover how Smithers can help organizations facilitate a strong cybersecurity environment within their businesses.
The careful, meticulous, and deliberate handling of sensitive or important data is critical to organizations' success in today's ever-evolving cyber environment. When information is readily available and is exchanged and processed at lightning speed, vulnerabilities are bound to arise wherever human interaction is involved. A detailed plan of processes and procedures for handling and mitigating potential threats is therefore crucial.
However, when you add the federal government and Controlled Unclassified Information (CUI) into the mix, the importance of cybersecurity for a company working with this type of data grows exponentially.
What exactly is CUI? It is any information that is considered sensitive to U.S. interests but not regulated by the federal government.
According to archives.gov, "32 CFR Part 2002 'Controlled Unclassified Information' was issued by ISOO (Information Security Oversight Office) to establish policy for agencies on designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI, self-inspection and oversight requirements, and other facets of the Program. The rule affects Federal executive branch agencies that handle CUI and all organizations (sources) that handle, possess, use, share, or receive CUI—or which operate, use, or have access to Federal information and information systems on behalf of an agency."
How does an organization begin to protect itself from cyberthreats when handling CUI? The National Institute of Standards and Technology (NIST) offers a standard that lays out a roadmap for protecting and handling CUI or other sensitive information.
The standard originated roughly 18 years ago, prompted at least in part by several cyberattacks against well-known government institutions, such as the USPS and NOAA. For specific government agencies like the Department of Defense (DoD) or NASA, a revised version of NIST 800-171 compliance took effect only four years ago, requiring anyone who works with CUI to implement processes and protocols that secure the handling of this data.
In other words, within a company that works with these federal institutions, any employee who handles or processes CUI, is responsible for its storage, or disseminates it must follow the specific guidelines and procedures laid out in the NIST 800-171 standard. This includes organizations that have contracted with the likes of the DoD or NASA.
Since the world of cybersecurity is always evolving, the journey to NIST 800-171 compliance requires diligence and a focused time commitment. There are 14 significant points or aspects of the NIST 800-171 standard to consider as the process of compliance begins:
The Smithers Quality Assessments Division is ready to support your company's initiatives in becoming NIST 800-171 compliant and improving your cybersecurity protocols. For more insights, please take a look at our NIST 800-171 overview guide below, or if you have any questions, reach out to our cybersecurity expert.
Contact us today to learn more about our services and download our NIST Companion Guide below: