NIST 800-171 Compliant

NIST 800-171 management of CUI (Controlled Unclassified Information)

Legacy uses NIST 800-171 to manage all data in relation to:

• Contractors for the Department of Defense (DoD)
• Contractors for the General Services Administration (GSA)
• Contractors for the National Aeronautics and Space Administration (NASA)
• Universities and research institutions supported by federal grants
• Consulting companies with federal contracts
• Service providers for federal agencies
• Manufacturing companies supplying goods to federal agencies

Our NIST 800-171 process also provides for:

• Access controls: Who has access to data and whether or not they’re authorized.
• Awareness and training: Your staff should be adequately trained on CUI handling.  
• Audit and accountability: Know who’s accessing CUI and who’s responsible for what.
• Configuration management: Follow guidelines to maintain secure configurations.
• Identification and authentication: Manage and audit all instances of CUI access.
• Incident response: Data breach preparedness and response plan protecting CUI.
• Maintenance: Ensure ongoing security and change management to safeguard CUI.
• Media protection: Secure handling of backups, external drives, and backup equipment.
• Physical protection: Authorized personnel only in physical spaces where CUI lives.
• Personnel security: Train your staff to identify and prevent insider threats.
• Risk assessment: Conduct pen testing and formulate a CUI risk profile.
• Security assessment: Verify that your security procedures are in place and working.
• System and communications protection: Secure your comms channels and systems.
• System and information integrity: Address new vulnerabilities and system downtime.