Blog

NIST 800-171 Compliance Video


We put a video together for businesses that need to comply with NIST 800-171, but do not know where to start. It covers how to define Controlled Unclassified Information (CUI), as well as Appendix D and Appendix E from NIST 800-171.

ComplianceForge YouTube Channel: NIST 800-171 Compliance Video - https://youtu.be/aSLfCnV_frU 

DFARS 252.204-7012 / NIST 800-171 Requirements - Non-Federal Organizations (NFO)

Have You Looked At Appendix E of NIST 800-171?
While it is not called out with the main NIST 800-171 requirements in chapter 3, Appendix E contains numerous NIST 800-53 controls that are marked as Non-Federal Organizations (NFO). Essentially, these NFO requirements are "expected to be routinely satisfied" by government contractors without NIST 800-171 having to [...]


Scoping NIST 800-171 - Use PCI DSS As A Guide

Managing NIST 800-171 Scoping
If you are new to NIST 800-171, it is intended to help "non-federal entities" (e.g., contractors) to comply with new security requirements using the systems and practices that contractors already have in place, rather than trying to use government-specific approaches. It also provides a standardized and uniform set of requirements for all [...]


Announcing The NIST 800-171 Compliance Criteria (NCC)

We listened to our customer needs for guidance on becoming compliant with NIST 800-171, so we created the NIST 800-171 Compliance Criteria (NCC) product. This took considerable time to develop and contains expectations and recommendations that a for-hire consultant would offer you. If you are just starting out on the path to become compliant with NIST 800-171, this [...]


FTC - Data Security Considerations for "Unfair" Business Practices

Section 5 of the Federal Trade Commission Act (FTC Act) (15 USC 45) prohibits "unfair or deceptive acts or practices in or affecting commerce." The prohibition applies to all persons engaged in commerce - this includes online retailers or any business that maintains sensitive consumer information. In the data security context, the FTC has gone after companies for [...]


Cybersecurity Risk Assessment Template

We are very pleased to announce that our Cybersecurity Risk Assessment Template is now available! We listened to our customers and we delivered - a simple, professional solution that will allow risk assessments to be performed without having to buy specialized tools or hire expensive consultants. What we did was modify templates that we use for our [...]


Understanding Compliance Needs

Understanding information security compliance requirements can be complex, and the heavy lifting has already been done by ComplianceForge.com. One cool feature that ComplianceForge.com offers with its Written Information Security Program (WISP) and PCI DSS Data Security Policies & Standards solutions is reference material that can help you understand your scoping. Within the WISP and PCI DSS [...]


Customized Cybersecurity Policies & Standards

We Have The Written Security Solutions You Need
Ignorance is neither bliss, nor is it an excuse! That is a simple fact to keep in mind when you evaluate your information security program. Is it sufficient? Are we doing what a "reasonable person" would expect? In 2005, we started selling customized information security policies that could be [...]


Why You Need To Be Compliant

Compliance with information security laws and contractual obligations can be daunting. Turning to professionals who understand information security best practices helps reduce the chance of negligence. Information security compliance is a broad topic and means different things to people, depending on what industries they work in and the scope of their customers and partners. For some, compliance [...]

