The President of IT Direct, Ari Santiago, recently gave an hour-long webinar on NIST compliance. He provided a quick, but very thorough overview of what NIST 800-171 is, why it’s important, and the 14 families of the framework.
If you’d like to listen to the entire webinar, you can find it here on YouTube.
In today’s blog post, we’re going to give an overview of that overview – a 60,000 ft view, if you will!
What is NIST?
NIST stands for The National Institute of Standards and Technology, a non-regulatory government agency under the Department of Commerce, that helps develop standards for best practice guidelines.
Other government departments then can (and do!) publish these standards and create requirements around them, which is how NIST 800-171 compliance came into effect.
Why is NIST compliance important?
As we covered in a previous blog post, NIST 800-171 compliance is just good cybersecurity practice. (You can read that blog post here.) NIST 800-171 places requirements on organizations that handle Controlled Unclassified Information (CUI) so that they can ensure that this information is secure. Really, everyone should consider having this level of cybersecurity to protect their company’s intellectual property and their clients’ and employees’ information.
NIST compliance is even more important due to the current state of cybercrime. Cybercrime has become a booming industry. The incidents of malware, ransomware and overall cyberattacks have increased steadily year by year. It is so professional that there are websites similar to CareerBuilder to hire for cybercrime related positions, websites similar to eBay selling data that has been stolen and collected, and websites similar to Amazon selling the software that allows anyone to become a hacker without coding knowledge.
This level of cybercriminality is why cybersecurity has become such a hot topic and of such major importance.
Cybersecurity has 3 basic tenants: Protect, Detect and Recover. All the NIST requirements fall into one of these high-level categories. Protect your systems to the highest level possible; make sure you can detect when something has occurred, either from inside or outside your building(s); and be sure you can recover from that incident as efficiently and effectively as possible.
NIST 800-171 requirements
In the next blog post, we will provide a quick breakdown of the NIST 800-171 requirements, where they fit into the three cybersecurity categories and a brief description of each…
If you’d like to learn more about your company’s cybersecurity needs and requirements, please reach out below: