Protecting Sensitive Data: Understanding the NIST 800-171 Cybersecurity Framework
Today, cybersecurity threats, incidents, and breaches are prevalent in organizations of all sizes and industries, especially during this COVID-19 era. Hospitals, financial institutions, retail stores, and a variety of other businesses issue public data breach announcements to consumers almost daily. In this fast-moving, agile environment, even the federal government relies on external service providers to carry out business functions with entities such as state and local governments, colleges and universities, and independent research organizations. These entities routinely process, store, and transmit sensitive federal information in their systems to support the delivery of essential products and services to federal agencies.
Mission Critical Products and Services
The U.S. Department of Commerce National Institute of Standards and Technology (NIST) states that organizations participate in an array of activities (e.g., provide credit card and other financial services; provide Web and electronic mail services; conduct background investigations for security clearances; process healthcare data; provide cloud services; and develop communications, satellite, and weapons systems). The services provided to the federal government usually contain sensitive information. The term used to categorize transfer, dissemination, and storage of this type of data is Controlled Unclassified Information (CUI).
Starting a Cybersecurity Management Program
Limited internal resources, accelerated digital transformation projects, and heavy reliance on third parties for services have intensified the need for entities to protect non-federal and federal Controlled Unclassified Information (CUI). A review of the NIST 800-171 Revision 2 framework, titled “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” is the first step in the process. Establishing a comprehensive cybersecurity management program that includes the 13 Security Requirement Families illustrated below is crucial to every organization.
| NIST Security Requirement Families |
| --- |
| Access Control |
| Awareness and Training |
| Audit and Accountability |
| Configuration Management |
| Identification and Authentication |
| Incident Response |
| Media Protection |
| Personnel Security |
| Physical Security |
| Risk Assessment |
| Security Assessment |
| System and Communications Protection |
| System and Information Integrity |
Who Needs to Know?
According to NIST, the publication of the framework serves the following diverse group of individuals and organizations in both the public and private sectors:
| Responsibility Focus Areas | Titles |
| --- | --- |
| System development life cycle responsibilities | Program Managers, Mission/Business Owners, Information Owners/Stewards, System Designers and Developers, System/Security Engineers, Systems Integrators |
| Acquisition or procurement responsibilities | Contracting Officers |
| System, security, or risk management and oversight responsibilities | Authorizing Officials, Chief Information Officers, Chief Information Security Officers, System Owners, Information Security Managers |
| Security assessment and monitoring responsibilities | Auditors, System Evaluators, Assessors, Independent Verifiers/Validators, Analysts |
What are the next steps?
Consulting with an advisory firm or consultant specializing in cybersecurity risk management is key to navigating the compliance landscape. Upon exploring the complexities of the NIST 800-171 model, stakeholders will discover that there are a lot of moving parts to implementing a successful program. Documenting findings in Excel spreadsheets may be the norm for some organizations; however, a review of the numerous questions, countless tasks, and remediation efforts (if applicable) required to maintain compliance can be overwhelming. An integrated risk management platform encompassing data protection standards and regulations is highly recommended. A recent demonstration of the VigiOne solution by VigiTrust (an information security services company) illustrated superb compliance functionality in one program. The platform is embedded with project management features and scanning, tracking, reporting, eLearning, monitoring, planning, and document uploading capabilities. Organizations with limited cybersecurity human resources would greatly benefit from the VigiOne tool.