Imagine a world where technology had few quality controls or uniformity, and you’d quickly find yourself very glad it was just your imagination. Unreliable or inconsistent technology would be pure chaos.
Thankfully, there’s NIST, the National Institute of Standards and Technology. NIST is the agency within the U.S. Department of Commerce that oversees technology standards. Since 1901, NIST – then known as the National Bureau of Standards – has operated to encourage modern ideas and innovation in technology to make sure the United States keeps a strong competitive position among other countries.
Innovations like the smartphone that professionals rely on to stay connected, Google Assistant-enabled devices, or the Amazon Echo Dot and its library of skills are just a handful of modern ideas as a result of innovative technology with standards that are driven by NIST.
NIST reinforces cyber security standards, including data security standards. While it may make you question these standards when you hear reports of data breaches, NIST released a special publication in 2015 in response to several well-publicized large data leaks. NIST 800-171 outlines extra security protections to safeguard your data, but many businesses find the process challenging and are confused about what to protect.
NIST 800-171 applies to controlled unclassified information (CUI), and how this information needs to be protected. Controlled unclassified information is a category of data that isn’t considered classified but is still sensitive and needs to be treated with specific data security precautions. In the case of CUI, sensitive data is anything relative to the interests of the United States but isn’t restricted beyond reasonable means.
As a business that stores, accesses, or shares CUI, NIST 800-171 sets minimum requirements for your technology security. Not meeting these data security requirements puts your business at risk of hefty fines – and worse.
The data security technology requirements in NIST 800-171 are covering four general areas:
Given the nature of CUI can have a direct impact on the United States, the minimum technology security requirements in these areas are added layers of protection for businesses storing, accessing, and sharing this sensitive data.
What does this mean for your business? Added security for your technology is a major benefit for your IT systems and environment. Applying increased security measures for your data means you’ve gone to great lengths to prevent unauthorized access to your CUI and your total technology ecosystem.
Here’s a handy breakdown for where you can take the first steps:
With these steps completed, businesses need to establish clear protocols and training processes for staff working with CUI to ensure consistency in storage, access, and sharing of sensitive data.
When you’re ready to become compliant, NIST 800-171 helps you protect your CUI.
My philosophy when starting OTT was I wanted to create a place that I would want to work at (fun and friendly.) Where there was no corporate politics and we could just do our job fixing things and helping people. We can help people with their technology and not be arrogant or condescending to people. We can actually make a difference in peoples lives and not just say it but do it.