NIST 800-171 Compliant
NIST 800-171 management of CUI (Controlled Unclassified Information)
Legacy uses NIST 800-171 to manage all data in relation to:
Legacy uses NIST 800-171 to manage all data in relation to:
- Contractors for the Department of Defense (DoD)
- Contractors for the General Services Administration (GSA)
- Contractors for the National Aeronautics and Space Administration (NASA)
- Universities and research institutions supported by federal grants
- Consulting companies with federal contracts
- Service providers for federal agencies
- Manufacturing companies supplying goods to federal agencies
Our NIST 800-171 process also provides for:
- Access controls: Who has access to data and whether or not they’re authorized.
- Awareness and training: Your staff should be adequately trained on CUI handling.
- Audit and accountability: Know who’s accessing CUI and who’s responsible for what.
- Configuration management: Follow guidelines to maintain secure configurations.
- Identification and authentication: Manage and audit all instances of CUI access.
- Incident response: Data breach preparedness and response plan protecting CUI.
- Maintenance: Ensure ongoing security and change management to safeguard CUI.
- Media protection: Secure handling of backups, external drives, and backup equipment.
- Physical protection: Authorized personnel only in physical spaces where CUI lives.
- Personnel security: Train your staff to identify and prevent insider threats.
- Risk assessment: Conduct pen testing and formulate a CUI risk profile.
- Security assessment: Verify that your security procedures are in place and working.
- System and communications protection: Secure your comms channels and systems.
- System and information integrity: Address new vulnerabilities and system downtime.
