What is NIST 800-171, and How is Compliance Determined?
NIST 800-171 is a National Institute of Standards and Technology publication that describes the minimum confidentiality measures government contractors must implement when transmitting, storing, or processing federal controlled unclassified information (CUI). The regulation applies to private-sector contractors that are (i) neither collecting and maintaining information nor operating information systems on behalf of federal agencies; and (ii) handling CUI that isn’t subject to other overriding federal laws or government policies. U.S. Department of Defense contractors must comply with this publication to maintain their ongoing contracts.
NIST 800-171 instructs contractors to implement fourteen sets of security considerations covering such aspects as access controls, operational systems maintenance, training, and incident response. In doing so, organizations must use encryption, multi-factor authentication, physical controls, and cryptographic safeguards when storing CUI and accessing it across devices. They’re also required to conduct periodic audits, perform risk & security assessments, and patch potential software and server flaws.
Contractors must provide system security plans that outline how they plan to meet these requirements and describe their operating environments, system boundaries, and relationships with other information systems and connections. They’ll also need to document the steps they plan to take to satisfy unmet security requirements and respond to known confidentiality threats.
How Does NIST 800-171 Hosting Work?
Contractors can use managed services to achieve NIST 800-171 compliance. Our ePHI and HIPAA-compliant cloud hosting platform, Abacus Private Cloud, allows you to leverage our three layers of server, physical, and data security to securely run your software and manage your CUI from any device anywhere.
What Do I Need to Do to Audit and Maintain Compliance with NIST 800-171?
AbacusNext can configure your Private Cloud account to meet NIST 800-171’s technical compliance requirements. We audit all accounts using NIST and SSAE-18 protocols, and automate critical software, firmware, and server upgrades to protect your account from cybercrime.
Are there AbacusNext Clients Who Comply with NIST 800-171?
Absolutely! Call us to see how Abacus Private Cloud can help you meet your compliance goals.