NIST SP 800-171 Compliance Whitepaper

Posted by Rick Palermo on Dec 17, 2018 10:02:46 AM

Problem Statement

In October 2016, the Federal Government published Defense Federal Acquisition Regulation Supplement 252.204-7012, requiring all non-Federal entities doing business with the Department of Defense that process, store, transfer or have access to controlled unclassified information (CUI) to comply with the security requirements published in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. Contractors and their subcontractors were directed to implement NIST SP 800-171 standards no later than December 31, 2017.

Topics: Compliance, DFARS, NIST, Risk, Ascolta

System and Information Integrity

Posted by Rick Palermo on Sep 13, 2018 12:41:45 PM

This is the last (thank goodness) of a fourteen-piece blog series intended to describe how Ascolta Greenfield environments achieve compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 1, Protecting Controlled Unclassified Information in Non-federal Systems. This entry covers the controls contained in the System and Information Integrity Policy and Procedures family.

Topics: Compliance, DFARS, NIST, Information Integrity

System and Communications Protection

Posted by Rick Palermo on Sep 5, 2018 12:14:17 PM

This is the thirteenth (oooh scary) of a fourteen-piece blog series intended to describe how Ascolta Greenfield environments achieve compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 1, Protecting Controlled Unclassified Information in Non-federal Systems. This entry covers the controls contained in the System and Communications Protection Policy and Procedures family.

Topics: Compliance, Security, DFARS, NIST, System, Communications Protection

Security Assessment

Posted by Rick Palermo on Aug 20, 2018 11:21:59 AM

This is the twelfth of a fourteen-piece blog series intended to describe how Ascolta Greenfield environments achieve compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 1, Protecting Controlled Unclassified Information in Non-federal Systems. This entry covers the controls contained in the Security Assessment Policy and Procedures family.

Topics: Compliance, Security, DFARS, NIST, Assessment

Risk Assessment

Posted by Rick Palermo on Aug 14, 2018 8:40:53 AM

This is the eleventh of a fourteen-piece blog series intended to describe how Ascolta Greenfield environments achieve compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 1, Protecting Controlled Unclassified Information in Non-federal Systems. This entry covers the controls contained in the Risk Assessment Policy and Procedures family.

Topics: Compliance, Security, DFARS, NIST, Risk, Assessment

Physical Security

Posted by Rick Palermo on Jul 17, 2018 12:28:40 PM

This is the tenth of a fourteen-piece blog series intended to describe how Ascolta Greenfield environments achieve compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 1, Protecting Controlled Unclassified Information in Non-federal Systems. This entry covers the controls contained in the Physical Security Policy and Procedures family.

Topics: Compliance, Security, DFARS, NIST, Physical Security

Personnel Security

Posted by Rick Palermo on Jul 12, 2018 7:40:23 AM

This is the ninth of a fourteen-piece blog series intended to describe how Ascolta Greenfield environments achieve compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 1, Protecting Controlled Unclassified Information in Non-federal Systems. This entry covers the controls contained in the Personnel Security Policy and Procedures family.

Topics: Compliance, Security, DFARS, NIST, Access Control

Greenfield tackles the Top 10, no, make that 11, hardest controls

Posted by Rick Palermo on Jul 9, 2018 12:37:42 PM

Exostar, a leading monitor of NIST compliance, recently selected at random over 1,000 of its users who have completed the Exostar NIST 800-171 form to determine the pain points in achieving NIST compliance. Their post can be found here.

Topics: DFARS, NIST, Security Controls

Media Protection

Posted by Rick Palermo on Jun 28, 2018 9:52:01 AM

This is the eighth of a fourteen-piece blog series intended to describe how Ascolta Greenfield environments achieve compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 1, Protecting Controlled Unclassified Information in Non-federal Systems. This entry covers the controls contained in the Media Protection Policy and Procedures family.

Topics: Compliance, Security, DFARS, NIST, Media Protection

Maintenance

Posted by Rick Palermo on Jun 25, 2018 10:14:59 AM

This is the seventh of a fourteen-piece blog series intended to describe how Ascolta Greenfield environments achieve compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 1, Protecting Controlled Unclassified Information in Non-federal Systems. This entry covers the controls contained in the Maintenance Policy and Procedures family.

Topics: Compliance, Security, DFARS, NIST, Maintenance