NIST is the abbreviation for the National Institute of Standards and Technology, a non-regulatory agency of the U.S. Department of Commerce that publishes standards and guidance, including Special Publication 800-171, "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations." NIST does not award Department of Defense (DoD) contracts itself. What happened is that, as cyber-attacks against the defense supply chain increased, DoD made NIST SP 800-171 a contractual requirement: the DFARS clause 252.204-7012 obliges contractors, and through flow-down their subcontractors, to implement the SP 800-171 security requirements wherever they store, process or transmit controlled unclassified information (CUI). In practice this is a matter of secure file sharing and information-exchange governance: making sure the information being shared does not leak into unwanted hands. There are several steps to take on the way to NIST 800-171 compliance.
The first step is to locate the systems in the network that hold CUI. These range from cloud platforms such as OneDrive to portable devices like external hard drives, and local storage including CIFS/SMB file shares. You cannot govern information you have not found, so the inventory should cover every place CUI may have been copied, including email attachments and backups. The second step is to categorize: files that fall under the CUI bracket should be separated from those that do not. Keeping CUI in clearly bounded locations reduces the scope of the systems that must meet the requirements and makes a NIST 800-171 audit faster and smoother.
The third step is limiting access. Access to CUI files is restricted to the employees who are authorized to view, download and share them, and who have undergone the required training and testing before that authorization is granted. Apply least privilege here: authorization is per person and per need, not per department, and it should be reviewed when people change roles or leave. The files can also carry expiry dates so that they are deleted once the project is complete and cannot be accessed thereafter; make sure any such deletion is consistent with the retention obligations in the contract.
Fourthly, there is the need to encrypt the data. All CUI should be encrypted both at rest and in transit. Encryption does not by itself decide who may open a file, but it ensures that a lost laptop, a stolen drive or an intercepted transfer does not disclose the contents, and it adds a layer of protection over the systems themselves. Done properly it still gives authorized users normal access and does not inhibit sharing through email gateways and secure file-sharing platforms. Two practitioner caveats: SP 800-171 expects the cryptography used to protect CUI to be FIPS-validated (requirement 3.13.11), and encryption is only as good as the key management behind it, so keys must not sit next to the data they protect.

The fifth step is to monitor and identify the people and accounts that have access to CUI and how the information is being used. NIST 800-171 requires audit logs that trace actions to individual users, so that anyone in contact with the information can be held accountable for their actions, whether malicious or not. That means no shared accounts for CUI access, logs retained long enough to support an investigation, and someone actually reviewing them.

The sixth step is to train and assess. Educate employees on the fundamentals of information governance and ethics so that they understand the risks in day-to-day activities involving CUI, then assess them afterwards to confirm that the training was absorbed, and repeat both on a regular cycle.
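The locate, categorize, limit and monitor steps above can be checked mechanically rather than by hand. The script below is an added illustration written for this page, not code from the original article or from NIST. It builds a small constructed directory tree standing in for a file share, inventories it, classifies files as CUI by looking for a banner marking near the top (the marking strings, the `\bCUI\b` word-boundary check, the authorized-user list and the JSON access-log format are all assumptions for the example), flags CUI files that anyone other than the owner can read, clamps them to owner-only permissions, and then runs a constructed access log through the authorized-user list to find CUI touches by people who should not have them.

```python
import hashlib
import json
import os
import pathlib
import re
import stat
import tempfile

# Assumption: CUI files carry a banner marking in their first few kilobytes.
# \bCUI\b avoids matching words such as "circuit" that merely contain "cui".
CUI_MARKERS = (re.compile(r"\bCUI\b"), re.compile(r"CONTROLLED UNCLASSIFIED INFORMATION"))

# Hypothetical authorized-user list for step 3; real deployments pull this from the IdP.
AUTHORIZED = {"alice", "bob"}


def is_cui(path: pathlib.Path) -> bool:
    """Step 2: classify a file as CUI if a marking appears near the top."""
    try:
        head = path.read_bytes()[:4096].decode("utf-8", errors="ignore").upper()
    except OSError:
        return False
    return any(marker.search(head) for marker in CUI_MARKERS)


def inventory(root: pathlib.Path) -> list[dict]:
    """Step 1: walk the tree and record every file, its CUI status, mode and hash."""
    records = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        records.append({
            "path": p.relative_to(root).as_posix(),
            "cui": is_cui(p),
            "mode": stat.S_IMODE(p.stat().st_mode),
            "sha256": hashlib.sha256(p.read_bytes()).hexdigest(),  # for later change detection
        })
    return records


def world_accessible(mode: int) -> bool:
    """True if any group or other permission bit is set."""
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def over_exposed(records: list[dict]) -> list[str]:
    """Step 3 check: CUI files that someone besides the owner can reach."""
    return [r["path"] for r in records if r["cui"] and world_accessible(r["mode"])]


def restrict(root: pathlib.Path, records: list[dict]) -> list[str]:
    """Step 3 remediation: clamp over-exposed CUI files to owner-only access."""
    fixed = []
    for path in over_exposed(records):
        os.chmod(root / path, 0o600)
        fixed.append(path)
    return fixed


# Constructed access-log sample (JSON lines) for step 5; a real deployment would
# read the file server's or DLP tool's audit trail instead.
SAMPLE_LOG = """
{"ts": "2024-03-01T09:00:00Z", "user": "alice", "action": "read", "path": "projects/cui_private.txt"}
{"ts": "2024-03-01T09:05:00Z", "user": "mallory", "action": "download", "path": "projects/cui_public.txt"}
{"ts": "2024-03-01T09:07:00Z", "user": "mallory", "action": "read", "path": "projects/public_notes.txt"}
{"ts": "2024-03-01T09:10:00Z", "user": "bob", "action": "share", "path": "projects/cui_public.txt"}
""".strip()


def unauthorized_cui_access(log_text: str, cui_paths: set[str], authorized: set[str]) -> list[dict]:
    """Step 5: every CUI access by an identity outside the authorized set."""
    hits = []
    for line in log_text.splitlines():
        event = json.loads(line)
        if event["path"] in cui_paths and event["user"] not in authorized:
            hits.append(event)
    return hits


def build_sample_tree() -> pathlib.Path:
    """Constructed directory tree standing in for a CIFS/SMB share."""
    root = pathlib.Path(tempfile.mkdtemp(prefix="cui-demo-"))
    proj = root / "projects"
    proj.mkdir()
    samples = {
        "cui_public.txt": ("CUI//SP-CTI\nSupplier drawing notes\n", 0o644),   # CUI, readable by all
        "cui_private.txt": ("CONTROLLED UNCLASSIFIED INFORMATION\nContract pricing\n", 0o600),
        "public_notes.txt": ("Lunch menu for the circuit design team\n", 0o644),  # not CUI
    }
    for name, (text, mode) in samples.items():
        f = proj / name
        f.write_text(text)
        f.chmod(mode)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    recs = inventory(root)
    cui = {r["path"] for r in recs if r["cui"]}
    print("CUI files:", sorted(cui))
    print("over-exposed before:", over_exposed(recs))
    print("restricted:", restrict(root, recs))
    print("over-exposed after:", over_exposed(inventory(root)))
    for event in unauthorized_cui_access(SAMPLE_LOG, cui, AUTHORIZED):
        print("ALERT unauthorized CUI access:", event)
```

The inventory records a SHA-256 per file so a later run can tell which CUI files changed, which is the hook for the expiry and deletion policy mentioned above. On a real share the permission check would look at the ACL on the server rather than POSIX mode bits, but the shape of the check, inventory first, then compare against the authorized set, is the same.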
For background, see https://en.wikipedia.org/wiki/NIST_Cybersecurity_Framework. Note that the Cybersecurity Framework is a separate, voluntary NIST publication; the requirements a DoD contractor is actually measured against are the ones in NIST SP 800-171 itself, which NIST publishes on its Computer Security Resource Center (csrc.nist.gov).