This blog post defines another acronym that appears often in CMMC 2.0 and NIST SP 800-171r2: FIPS, short for Federal Information Processing Standards. Most often you will see it as part of the phrase “FIPS-validated cryptography,” which appears specifically in 3.1.13 of NIST 800-171r2. Incidentally, this control is one of the most commonly “unmet” controls in DIBCAC assessments. You can learn more about that list in our December 2023 webinar.
FIPS validation attests that a cryptographic module has been tested against a federal standard, and cryptography is what renders CUI unreadable to anyone without the key; together they provide the kind of protection at the heart of the NIST standard. Other facets of the NIST security controls further strengthen the protection of the CUI you receive, store, or distribute. These other tactics include rigid access control policies, multi-factor authentication, and more.
It is important to remember that even if you are working with an External Service Provider (ESP), responsibility for the protection of the CUI you handle still falls on you. A shared responsibility matrix helps you and your ESP work out who covers each part of the cybersecurity plan so nothing falls through the cracks. That includes tasks like training and education for staff members, regularly updating cryptographic controls, and more.
Are you wondering how much of a journey you have until you reach FIPS-validated cryptography in your organization? Do you have questions about other controls in the NIST SP 800-171 standard? Contact us today or schedule a no-obligation 30-minute conversation. While we cannot offer consultation, we can help you decrypt what some of the NIST requirements translate to in the real world.