AT-NET follows the National Institute of Standards and Technology (NIST) guidelines for our security practice. While there are several NIST standards, NIST 800-171 satisfies the security requirements of the SMB sector. NIST 800-171 is AT-NET's minimum cybersecurity standard for our monthly contracted customers.
Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations
Why NIST 800-171?
NIST 800-171 serves as a “security checklist” for federal agencies with regard to their interactions with “nonfederal” systems and organizations regarding “Controlled Unclassified Information”. This means that nonfederal organizations (usually vendors) must meet certain minimum data protection standards in order to operate with federal agencies.
The NIST 800-171 standards are a minimum standard to follow, and the governing documents are ever-evolving. AT-NET’s security team feels that the standard should be adopted by all organizations where financially practical. The NIST standards serve as a framework that can adapt to an evolving cybersecurity landscape.
More information about the above standards can be found at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r1.pdf.
The areas below (Identify, Protect, Detect, Respond, and Recover) are employed when implementing security facets in the Control Areas, as seen in the next section of this document.
· Describes desired outcomes
· Understandable by everyone
· Applies to any type of risk management
· Defines the entire breadth of cybersecurity
· Spans both prevention and reaction
Additionally, our customers are increasingly asked to allow CMMC agents to review systems compliance.
CMMC stands for “Cybersecurity Maturity Model Certification” and is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). The CMMC framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the Department that a DIB company can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain.