What Exactly Is NIST?

What Exactly Is NIST?

No matter what industry you work in, chances are you’ve encountered the term NIST at one time or another.

It’s most often used in relation to technology and, specifically, in relation to cybersecurity.

Like many things related to these fields, NIST is both complicated and simple. It’s complicated because you have to have a bit of background to fully understand what it represents. It’s simple because once you understand this background, NIST actually makes a lot of sense.

What Is NIST?

NIST is a federal agency within the United States Government (specifically, the U.S. Department of Commerce). The acronym stands for National Institute of Standards and Technology.

As an agency, NIST was founded by Congress in 1901. Basically, it was established as a way to standardize and promote competitiveness within the fields of science and technology in the U.S. A simultaneous mission was to promote the harnessing of science and technology to improve quality of life in the U.S. and protect our economic security.

What Does NIST Have to Do With Cybersecurity?

Essentially, the National Institute of Standards and Technology has its hands in many areas of industry. But more recently — from the late 20th century up until today — it has particularly impacted how we create, use, and disseminate technology.

As computers and the Internet became more ubiquitous in recent decades, it became apparent to the government that some standardized practices needed to be established. NIST became the authoritative body that would create and disseminate these standardized practices.

According to the NIST website, “Congress has given NIST responsibility to disseminate consistent clear, concise, and actionable resources to small businesses.” That goes for all other sizes of businesses too.

In addition, NIST standards generally apply to all industries. Most importantly, where cybersecurity is uniquely concerned, NIST 800-171 was created to control unclassified government information that is being stored and/or handled by non-governmental organizations.

What Is NIST 800-171?

NIST 800-171 is a special publication that was created and is mandated by the National Institute of Standards and Technology. The goal of this publication is to maintain uniformity in how organizations handle data — especially sensitive government data.

Both small to mid-sized businesses and large enterprises should know about NIST 800-171. As a business owner or C-level executive, it’s important that you, specifically, know about it. And if you work with the federal government — either directly or indirectly — it’s absolutely critical that you know about it.

Essentially, any business that works with the government or with government information needs to be NIST 800-171 compliant. But even companies that don’t work directly or indirectly with government information can find it useful as well.

Here are the basics:

Special publication NIST 800-171 was created to protect something called “Controlled Unclassified Information.”

What is “Controlled Unclassified Information,” you ask?

Controlled Unclassified Information, or CUI, is information that is relevant to the federal government but not necessarily classified. A good example would be legal documents or technical drawings of government projects.

This is important information to keep secure, and though it is not technically “classified” and doesn’t include “state secrets,” the government has an interest in protecting it and making sure it doesn’t fall into sinister hands.

How Does a Business Stay Compliant With NIST 800-171?

We’re not going to tell you that it’s impossible to stay compliant with NIST 800-171 on your own — without the help of a managed service provider.

However … it’s much harder.

NIST compliance is not simple.

First, you have to know which information is CUI and where it is located (all copies). You then have to classify and categorize that information. After that, you have to limit access to the CUI so that only authorized workers can see and use it. You also have to encrypt it.

Once that’s done, you should implement a system of monitoring to ensure that all CUI access dates and times are logged. From there, you need a system of training that can educate your employees on all of this information and how to reduce the risk of CUI access across the board.

Interested in Discovering More About How to Stay NIST Compliant?

As we said, NIST 800-171 compliance is not simple.

It’s far easier to have a managed service provider handle it for you. If you already work with an MSP you trust, talk to them about NIST compliance. If not, get in touch with a reputable MSP in your area today. Managing your NIST compliance is something that shouldn’t wait.

What is NIST

More Like This

157-Year-Old Lincoln College Succumbed To A Ransomware Attack

157-Year-Old Lincoln College Succumbed To A Ransomware Attack On May 13th, 2022, a college that has remained open through two world wars, the 1918 Spanish flu epidemic, and the Great Depression will close its doors. The college has been struggling to stay afloat in recent years, and the coronavirus pandemic and a recent ransomware attack …

157-Year-Old Lincoln College Succumbed To A Ransomware Attack Read More »

Read More

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers

Original release date: May 11, 2022 Summary Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership of ICT security …

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers Read More »

Read More

Zero Trust Networks: What Are They?

Zero Trust Networks: What Are They? The internet has brought a world of opportunity for businesses. It is easy for companies to reach out to consumers and offer them products or services without a physical storefront. However, this also opens businesses up to the risk of data breaches and cyber attacks. Cyber attacks can be …

Zero Trust Networks: What Are They? Read More »

Read More

AA22-117A: 2021 Top Routinely Exploited Vulnerabilities

Original release date: April 27, 2022 Summary This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security …

AA22-117A: 2021 Top Routinely Exploited Vulnerabilities Read More »

Read More

Can Ransomware Spread Through Business WiFi Networks?

Can Ransomware Spread Through WiFi? Ransomware has been a menace to businesses large and small for years, and the problem is only getting worse. One of the most insidious aspects of ransomware is its ability to spread through wifi networks, infecting multiple computers and devices. This can cause severe disruptions to business operations, as employees …

Can Ransomware Spread Through Business WiFi Networks? Read More »

Read More

AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

Original release date: April 20, 2022 Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide end-user awareness and training. The cybersecurity …

AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure Read More »

Read More