What Exactly Is NIST?

No matter what industry you work in, chances are you’ve encountered the term NIST at one time or another.

It’s most often used in relation to technology and, specifically, in relation to cybersecurity.

Like many things related to these fields, NIST is both complicated and simple. It’s complicated because you have to have a bit of background to fully understand what it represents. It’s simple because once you understand this background, NIST actually makes a lot of sense.

What Is NIST?

NIST is a federal agency within the United States Government (specifically, the U.S. Department of Commerce). The acronym stands for National Institute of Standards and Technology.

As an agency, NIST was founded by Congress in 1901. Basically, it was established as a way to standardize and promote competitiveness within the fields of science and technology in the U.S. A simultaneous mission was to promote the harnessing of science and technology to improve quality of life in the U.S. and protect our economic security.

What Does NIST Have to Do With Cybersecurity?

Essentially, the National Institute of Standards and Technology has its hands in many areas of industry. But more recently — from the late 20th century up until today — it has particularly impacted how we create, use, and disseminate technology.

As computers and the Internet became more ubiquitous in recent decades, it became apparent to the government that some standardized practices needed to be established. NIST became the authoritative body that would create and disseminate these standardized practices.

According to the NIST website, “Congress has given NIST responsibility to disseminate consistent clear, concise, and actionable resources to small businesses.” That goes for all other sizes of businesses too.

In addition, NIST standards generally apply to all industries. Most importantly, where cybersecurity is uniquely concerned, NIST 800-171 was created to control unclassified government information that is being stored and/or handled by non-governmental organizations.

What Is NIST 800-171?

NIST 800-171 is a special publication that was created and is mandated by the National Institute of Standards and Technology. The goal of this publication is to maintain uniformity in how organizations handle data — especially sensitive government data.

Both small to mid-sized businesses and large enterprises should know about NIST 800-171. As a business owner or C-level executive, it’s important that you, specifically, know about it. And if you work with the federal government — either directly or indirectly — it’s absolutely critical that you know about it.

Essentially, any business that works with the government or with government information needs to be NIST 800-171 compliant. But even companies that don’t work directly or indirectly with government information can find it useful as well.

Here are the basics:

Special publication NIST 800-171 was created to protect something called “Controlled Unclassified Information.”

What is “Controlled Unclassified Information,” you ask?

Controlled Unclassified Information, or CUI, is information that is relevant to the federal government but not necessarily classified. A good example would be legal documents or technical drawings of government projects.

This is important information to keep secure, and though it is not technically “classified” and doesn’t include “state secrets,” the government has an interest in protecting it and making sure it doesn’t fall into sinister hands.

How Does a Business Stay Compliant With NIST 800-171?

We’re not going to tell you that it’s impossible to stay compliant with NIST 800-171 on your own — without the help of a managed service provider.

However … it’s much harder.

NIST compliance is not simple.

First, you have to know which information is CUI and where it is located (all copies). You then have to classify and categorize that information. After that, you have to limit access to the CUI so that only authorized workers can see and use it. You also have to encrypt it.

Once that’s done, you should implement a system of monitoring to ensure that all CUI access dates and times are logged. From there, you need a system of training that can educate your employees on all of this information and how to reduce the risk of CUI access across the board.

Interested in Discovering More About How to Stay NIST Compliant?

As we said, NIST 800-171 compliance is not simple.

It’s far easier to have a managed service provider handle it for you. If you already work with an MSP you trust, talk to them about NIST compliance. If not, get in touch with a reputable MSP in your area today. Managing your NIST compliance is something that shouldn’t wait.

Interested in making a change in IT service companies? Let's chat.

Schedule a 5-minute telephone call with Palindrome Consulting using the form below.

4.9

Based on 13 reviews

review us on

Elizabeth Mitrani

17:23 06 Aug 19

Palindrome Consulting was key in establishing my business and helps me keep it running. They are the consummate... professionals, incredibly knowledgeable and are always available to help. They have gone above and beyond to ensure that I was up and running quickly and that any issues that may arise on my end or dealt with immediately. I highly recommend Palindrome Consulting.read more

Moshe Rubinstein

14:57 28 Jun 19

They are there every step of the way. Responsive and timely. The full service mentality mixed with the problem solving... abilities, is what makes them an easy choice.read more

Benjamin Wainberg

14:09 28 Jun 19

Palindrome Consulting is customer centric. For Palindrome Data Safety is paramount; they keep their and our systems... updated with the newest technologies and are not shy at changing to better alternatives. Their platforms are always running and in the odd case there is an event, their technical team has an awesome response time.read more

Copier Man

13:56 28 Jun 19

We have been using Palindrome since 2005. They make my company feel like we are #1 all the time. Expert staff are... always available to help all my users all around the country.read more

Martin Feldman

16:43 26 Jun 19

As a partner in Fischer & Feldman, P.A. we have utilized Palindrome Consulting as our IT experts for many years. In... addition to keeping our server up and running, they are available to consult on the everchanging cloud and web landscape. We could not function as a successful law firm without their constant care, attention and almost IMMEDIATE RESPONSE TIME.read more

Rebecca Fischer

16:39 26 Jun 19

Palindrome has been my IT company for more than 15 years. We have been through four server and computer replacements... over the years all of which went smoothly. As technology has changed Palindrome has kept us current in their recommendations and are extremely responsive when we run into a software or hardware problem. We have been through hurricanes with Palindrome and felt confident they would have us up and running as quickly as possible and despite the fact we are probably a smaller client, they have treated us as one of their most important clients. I highly recommend Palindrome and have complete confidence in their capabilities and service. They have even gone the extra mile when we wanted to donate our old computers to a children's special needs school and delivered the computers, set them up and provided service for the same. Ilan Sredni is the consummate professional and has surrounded himself with top professionals and skilled technicians.read more

Nelson T

20:32 25 Jun 19

Palindrome Consulting has proven itself time and time again to be the epitome of professionalism and technical... expertise. They take the time to listen to your needs and then apply their wealth of technical knowledge to create truly innovative and robust solutions. They truly deliver piece of mind.read more

Next Reviews

What Exactly Is NIST?