The document library of the NIST website can be daunting and seemingly endless in terms of the various frameworks, controls and requirements that it provides. The 800 series, in particular, while important and, in many cases, necessary, is also hard to penetrate if you don’t already have some knowledge of what it contains. This can challenge organizations working with the DoD supply chain, especially those handling classified or sensitive material. 

This article will cover one of these publications: NIST 800-171. This document defines security for a specific form of government information that many contractors under the executive or defense departments: CUI. While important, this document also informs several important security frameworks, namely CMMC.

Read More

It makes sense that some of the more powerful and rigorous security regulations are in the federal government. As federal agencies turn to third-party IT vendors to fulfill their missions, the demand for transparent, translatable and effective security regulations is only increasing. That’s why NIST 800-53, now on its fifth revision, is so important for agencies and contractors alike. 

Here, learn more about NIST 800-53, why it is so important to government (and, increasingly, private sector) IT security and why it benefits you to consider adopting its standards. 

Read More

Data is such a rich and complex part of our modern society that several disciplines have risen around its management. Most enterprise businesses have data governance policies in place to support their business, security and compliance objectives, and these policies are evolving at a rapid rate. 

Here, we want to introduce the concept of a data governance policy and why it is important for your business. It doesn’t matter if you are a small vendor or a multi-site enterprise; having data governance policies in place is a necessary part of doing business. 

Read More