BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

What Exactly Is NIST?

What Exactly Is NIST?

No matter what industry you work in, chances are you’ve encountered the term NIST at one time or another.

It’s most often used in relation to technology and, specifically, in relation to cybersecurity.

Like many things related to these fields, NIST is both complicated and simple. It’s complicated because you have to have a bit of background to fully understand what it represents. It’s simple because once you understand this background, NIST actually makes a lot of sense.



What Is NIST?

NIST is a federal agency within the United States Government (specifically, the U.S. Department of Commerce). The acronym stands for National Institute of Standards and Technology.

As an agency, NIST was founded by Congress in 1901. Basically, it was established as a way to standardize and promote competitiveness within the fields of science and technology in the U.S. A simultaneous mission was to promote the harnessing of science and technology to improve quality of life in the U.S. and protect our economic security.

What Does NIST Have to Do With Cybersecurity?

Essentially, the National Institute of Standards and Technology has its hands in many areas of industry. But more recently — from the late 20th century up until today — it has particularly impacted how we create, use, and disseminate technology.

As computers and the Internet became more ubiquitous in recent decades, it became apparent to the government that some standardized practices needed to be established. NIST became the authoritative body that would create and disseminate these standardized practices.

According to the NIST website, “Congress has given NIST responsibility to disseminate consistent clear, concise, and actionable resources to small businesses.” That goes for all other sizes of businesses too.

In addition, NIST standards generally apply to all industries. Most importantly, where cybersecurity is uniquely concerned, NIST 800-171 was created to control unclassified government information that is being stored and/or handled by non-governmental organizations.

What Is NIST 800-171?

NIST 800-171 is a special publication that was created and is mandated by the National Institute of Standards and Technology. The goal of this publication is to maintain uniformity in how organizations handle data — especially sensitive government data.

Both small to mid-sized businesses and large enterprises should know about NIST 800-171. As a business owner or C-level executive, it’s important that you, specifically, know about it. And if you work with the federal government — either directly or indirectly — it’s absolutely critical that you know about it.

Essentially, any business that works with the government or with government information needs to be NIST 800-171 compliant. But even companies that don’t work directly or indirectly with government information can find it useful as well.

Here are the basics:

Special publication NIST 800-171 was created to protect something called “Controlled Unclassified Information.”

What is “Controlled Unclassified Information,” you ask?

Controlled Unclassified Information, or CUI, is information that is relevant to the federal government but not necessarily classified. A good example would be legal documents or technical drawings of government projects.

This is important information to keep secure, and though it is not technically “classified” and doesn’t include “state secrets,” the government has an interest in protecting it and making sure it doesn’t fall into sinister hands.

How Does a Business Stay Compliant With NIST 800-171?

We’re not going to tell you that it’s impossible to stay compliant with NIST 800-171 on your own — without the help of a managed service provider.

However … it’s much harder.

NIST compliance is not simple.

First, you have to know which information is CUI and where it is located (all copies). You then have to classify and categorize that information. After that, you have to limit access to the CUI so that only authorized workers can see and use it. You also have to encrypt it.

Once that’s done, you should implement a system of monitoring to ensure that all CUI access dates and times are logged. From there, you need a system of training that can educate your employees on all of this information and how to reduce the risk of CUI access across the board.

Interested in Discovering More About How to Stay NIST Compliant?

As we said, NIST 800-171 compliance is not simple.

It’s far easier to have a managed service provider handle it for you. If you already work with an MSP you trust, talk to them about NIST compliance. If not, get in touch with a reputable MSP in your area today. Managing your NIST compliance is something that shouldn’t wait.

What is NIST

More Like This

AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control

Original release date: May 18, 2022 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager …

AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control Read More »

Read More

AA22-138A: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388

Original release date: May 18, 2022 Summary Actions for administrators to take today: • Do not expose management interfaces to the internet. • Enforce multi-factor authentication. • Consider using CISA’s Cyber Hygiene Services. The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory …

AA22-138A: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 Read More »

Read More

AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access

Original release date: May 17, 2022 Summary Best Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber actors routinely exploit poor security configurations (either misconfigured …

AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access Read More »

Read More

157-Year-Old Lincoln College Succumbed To A Ransomware Attack

157-Year-Old Lincoln College Succumbed To A Ransomware Attack On May 13th, 2022, a college that has remained open through two world wars, the 1918 Spanish flu epidemic, and the Great Depression will close its doors. The college has been struggling to stay afloat in recent years, and the coronavirus pandemic and a recent ransomware attack …

157-Year-Old Lincoln College Succumbed To A Ransomware Attack Read More »

Read More

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers

Original release date: May 11, 2022 Summary Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership of ICT security …

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers Read More »

Read More

Zero Trust Networks: What Are They?

Zero Trust Networks: What Are They? The internet has brought a world of opportunity for businesses. It is easy for companies to reach out to consumers and offer them products or services without a physical storefront. However, this also opens businesses up to the risk of data breaches and cyber attacks. Cyber attacks can be …

Zero Trust Networks: What Are They? Read More »

Read More