NIST SP 800-171, a NIST Special Publication, outlines suggested measures to safeguard the confidentiality of controlled unclassified information (CUI). Compliance with NIST SP 800-171 is mandatory for organizations handling or storing CUI, including the Department of Defense, universities/research institutions that receive federal grants, and service providers to government agencies.
Learn more about each of the NIST SP 800-171 control families by checking out each post in our NIST SP 800-171 series:
- Access Control
Access control comprises two primary elements: authentication and authorization. Authentication verifies the identity of an individual, while authorization decides if that user has permission to access the requested data.
- Awareness and Training
All staff members, employees, temporary staff, as well as third-party vendors and contractors who have access to your workspace, should undergo information security awareness training. This is crucial to safeguard your organization from potential threats and ensure the security of your operations.
- Audit and Accountability
Thorough and precise system logging can help prevent and minimize the effects of a possible data breach.
- Configuration Management
These controls establish the necessary security levels to uphold when implementing different system modifications.
- Identification and Authentication
It is essential for your system to verify the identity of all users before granting access.
- Incident Response
Create a process for managing operational incidents in organizational systems and report any incidents to designated officials, whether they are internal or external to the organization.
- Maintenance
Establish a schedule and procedures for regular maintenance of your organizational systems.
- Media Protection
The controls set guidelines for safeguarding media and specify permitted storage devices, authorized personnel for accessing and sharing media, and approved methods for media disposal.
- Personnel Security
Screen individuals before granting access to organizational systems that hold CUI.
- Physical Protection
Restrict access to organizational systems, equipment, and their operating environments to authorized personnel only.
- Risk Assessment
Organizations must regularly evaluate the risk to their operational activities, assets, and individuals engaged in handling, storing, or transmitting CUI.
- Security Assessment
Periodically evaluate the security controls in organizational systems to ensure their efficacy.
- System and Communications Protection
This ensures the protection of any data sent or received by an organization at both the external and internal boundaries of systems.
- System and Information Integrity
Maintain the integrity of systems and any data processed, stored, or transmitted within your organization.
The CampusGuard team is available to assist your organization with the NIST SP 800-171 compliance requirements. Contact us to get started.