NIST SP 800-171 is a set of standards that defines how to protect and distribute Controlled Unclassified Information (CUI) created or possessed by non-federal entities. Controlled Unclassified Information (CUI) is information that is unclassified and not strictly regulated by the federal government but is sensitive and needs safeguarding. It is important that you identify CUI within your organization and make sure that it is being maintained, processed and stored properly.
The following are all CUI:
- Electronic files
- Email attachments
- Proprietary information
- Paper files
The NIST framework requires DoD, GSA, NASA and other federal and state contractors and sub-contractors to document how they have met requirements.
Security requirement 3.12.2 requires the contractor to develop and implement plans of action (POAMs) designed to correct deficiencies and lessen or eliminate vulnerabilities in organizational systems.
Security requirement 3.12.4 requires the contractor to develop, document, and occasionally update System Security Plans (SSPs) that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.
Our specialized team of experts can work with you to understand your business, policies and controls, evaluate your compliance with control requirements and provide you with a detailed compliance assessment report. Documentation includes an initial SSP and POAM. Our team will then work alongside you to manage the system control policies and ensure milestones are met.
Contact us today to get started.