If you’re a manufacturer within 50 miles of Washington D.C., your organization is probably working with the United States government in some way, shape or form. Whether you have a contract directly with the government or you provide products or materials to someone who does, your company is now responsible for ensuring that you are compliant with NIST 800-171 standards.
WHAT IS NIST 800-171?
As of December 31st 2017, the National Institute of Standards and Technology (NIST) has published a document stating that all manufacturers that work with the US government (Department of Defense, General Services Administration, and NASA) are now responsible for maintaining compliance with its cybersecurity standards, outlined in document NIST 800-171. The document spells out the strict data management guidelines that manufacturers must meet in order to work with the government. And take note: just because you do not have a direct contract with the government does not mean you are not affected. Even if your organization does something as removed as supplying parts to a subcontractor of the government, your organization is required to become compliant as well.
This document outlines the standards to which all manufacturers must update their systems in order to maintain cybersecurity best practices. With hackers attempting to breach the infrastructure of government agencies and private organizations alike, this document strives to protect both Controlled Unclassified Information (CUI) and Covered Defense Information (CDI). Even though this information is technically unclassified, it is still sensitive data, and the document strives to control its dissemination.
Failure to meet these standards could mean the loss of your contract altogether.
10 Data Security Actions Your Business Should Consider Today to Work towards Compliance with NIST 800-171
While the actual document lists over 100 points that your organization will need to address, we’ve outlined 10 impactful data security changes you can make to your infrastructure to get started immediately.
- Limit access to your internal systems to authorized users and devices
- Apply a limit to the number of unsuccessful login attempts for each user
- Automatically log off of devices after a certain amount of inactivity
- Provide security-awareness training to employees
- Restrict employees from self-installing software on their devices
- Require users to sign in to all systems before accessing any internal systems
- Prohibit password reuse for a specified number of generations
- Enforce a minimum password complexity when creating new passwords
- Restrict the use of portable storage devices if they do not have an identifiable owner
- Only allow physical access to organizational systems and equipment to authorized individuals
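Four of the ten actions above (the failed-login limit, the inactivity logoff, the password-reuse prohibition and the minimum complexity rule) are mechanisms rather than policy statements, so here is a small worked example of how they fit together in code. This is an added illustration, not code from the original article or from NIST; the thresholds (five attempts, a 15-minute lockout, a 10-minute idle timeout, five remembered passwords, 12-character minimum) are assumptions chosen for the example, not values NIST 800-171 prescribes, and the `Account` and `Session` classes are hypothetical names.

```python
"""Added example: account lockout, idle timeout, password history and
complexity checks in one self-contained module (assumptions noted inline)."""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

MAX_FAILED_ATTEMPTS = 5          # assumption: lock after 5 consecutive failures
LOCKOUT_SECONDS = 15 * 60        # assumption: 15-minute lockout window
IDLE_TIMEOUT_SECONDS = 10 * 60   # assumption: end a session after 10 idle minutes
PASSWORD_HISTORY = 5             # assumption: block reuse of the last 5 passwords
MIN_LENGTH = 12                  # assumption: minimum password length


def _hash(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so stored history cannot be trivially reversed."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def meets_complexity(password: str) -> bool:
    """Minimum complexity: MIN_LENGTH plus at least three of four character classes."""
    if len(password) < MIN_LENGTH:
        return False
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return sum(bool(re.search(c, password)) for c in classes) >= 3


@dataclass
class Account:
    """Hypothetical account record; history holds the newest hash last."""
    username: str
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: list = field(default_factory=list)
    failed_attempts: int = 0
    locked_until: float = 0.0

    def set_password(self, new_password: str) -> bool:
        """Reject weak passwords and any password used in the last PASSWORD_HISTORY generations."""
        if not meets_complexity(new_password):
            return False
        candidate = _hash(new_password, self.salt)
        for old in self.history[-PASSWORD_HISTORY:]:
            if hmac.compare_digest(candidate, old):
                return False
        self.history.append(candidate)
        self.history = self.history[-PASSWORD_HISTORY:]   # keep only the remembered window
        return True

    def login(self, password: str, now: float) -> str:
        """Return 'ok', 'bad_password' or 'locked'; `now` is a timestamp in seconds."""
        if now < self.locked_until:
            return "locked"
        if self.history and hmac.compare_digest(_hash(password, self.salt), self.history[-1]):
            self.failed_attempts = 0          # a good login resets the counter
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.failed_attempts = 0
            self.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "bad_password"


@dataclass
class Session:
    """Hypothetical session record used to enforce the inactivity logoff."""
    username: str
    last_activity: float

    def touch(self, now: float) -> bool:
        """Refresh the session on activity; return False once the idle limit has passed."""
        if now - self.last_activity > IDLE_TIMEOUT_SECONDS:
            return False
        self.last_activity = now
        return True


if __name__ == "__main__":
    acct = Account("operator")                 # constructed sample account
    print(acct.set_password("Correct-Horse-42"))   # True
    print(acct.set_password("Correct-Horse-42"))   # False: reuse blocked
    for _ in range(MAX_FAILED_ATTEMPTS):
        print(acct.login("not-it", now=0.0))    # bad_password x4, then locked
    print(acct.login("Correct-Horse-42", now=LOCKOUT_SECONDS + 1))   # ok
```

The lockout deliberately returns the same `locked` answer whether or not the supplied password was correct, so a caller cannot use the response to test candidates while an account is locked; the timestamps are passed in rather than read from the clock so the behaviour is testable and auditable.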
How Can I Become Fully Compliant with NIST 800-171?
Clocking in at 110 standards that your organization must meet in order to maintain compliance, it is clear that you will need to seek the help of an expert to get these updates underway. Due to the complexity of some of the requirements and what is at risk if you don’t comply, we recommend utilizing an internal IT team or partnering with a resource that you trust to apply these changes. Equally important is establishing a process or resource to ensure you remain compliant!
If you do not have the capacity or expertise to apply these updates internally, seek the help of a dedicated third-party IT company that understands the complexities of maintaining compliance in the manufacturing industry. With a third-party resource, you can stick to running your business while your third party handles the rest.