Protecting Sensitive Data: Understanding the NIST 800-171 Cybersecurity Framework


Today, cybersecurity threats, incidents, and breaches are prevalent in organizations of all sizes and industries, especially during this COVID-19 era. Hospitals, financial institutions, retail stores, and a variety of businesses issue public announcements of data breaches almost daily to inform consumers. In this fast-moving, agile environment, even the federal government relies on external service providers to carry out business functions with entities such as State and local governments, colleges and universities, and independent research organizations. Entities routinely process, store, and transmit sensitive federal information in their systems to support the delivery of essential products and services to federal agencies.

Mission Critical Products and Services

The U.S. Department of Commerce National Institute of Standards and Technology (NIST) states that organizations participate in an array of activities (e.g., provide credit card and other financial services; provide Web and electronic mail services; conduct background investigations for security clearances; process healthcare data; provide cloud services; and develop communications, satellite, and weapons systems). The services provided to the federal government usually contain sensitive information. The term used to categorize transfer, dissemination, and storage of this type of data is Controlled Unclassified Information (CUI). 

Starting a Cybersecurity Management Program 

Limited internal resources, accelerated digital transformation projects, and heavy reliance on third parties for services have intensified the need for entities to protect non-federal and federal Controlled Unclassified Information (CUI). A review of the NIST 800-171 Revision 2 framework, titled “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” is the first step in the process. Establishing a comprehensive cybersecurity management program that includes the 13 Security Requirement Families listed below is crucial to every organization.

NIST Security Requirement Families
Access Control         
Awareness and Training
Audit and Accountability
Configuration Management
Identification and Authentication
Incident Response
Media Protection
Personnel Security
Physical Security
Risk Assessment
Security Assessment
System and Communications Protection
System and Information Integrity

Who Needs to Know?

According to NIST, the publication of the framework serves the following diverse group of individuals and organizations in both the public and private sectors.

Responsibility Focus Areas: Titles
System development life cycle responsibilities: Program Managers, Mission/Business Owners, Information Owners/Stewards, System Designers and Developers, System/Security Engineers, Systems Integrators
Acquisition or procurement responsibilities: Contracting Officers
System, security, or risk management and oversight responsibilities: Authorizing Officials, Chief Information Officers, Chief Information Security Officers, System Owners, Information Security Managers
Security assessment and monitoring responsibilities: Auditors, System Evaluators, Assessors, Independent Verifiers/Validators, Analysts

What are the next steps?

Consulting with an advisory firm or consultant specializing in cybersecurity risk management is key to navigating the compliance landscape. Upon exploring the complexities of the NIST 800-171 model, stakeholders will discover that there are a lot of moving parts to implementing a successful program. Documenting findings in Excel spreadsheets may be the norm for some organizations; however, a review of the numerous questions, countless tasks, and remediation efforts (if applicable) required to maintain compliance can be overwhelming. An integrated risk management platform encompassing data protection standards and regulations is highly recommended. A recent demonstration of the VigiOne solution by VigiTrust (an information security services company) illustrated superb compliance functionality in one program. The platform is embedded with project management features and scanning, tracking, reporting, eLearning, monitoring, planning, and document uploading capabilities. Organizations with limited cybersecurity human resources would greatly benefit from the VigiOne tool.

About the Author
Cathy C. Smith, Founder/CEO at Chameleon Consulting, LLC, has a history of strategically transforming traditional organizations into digital businesses. Cathy has 20+ years in financial services and has held senior management positions in Banking, Insurance, Government, and Non-profit organizations.