This guide helps companies identify assets within scope of NIST 800-171
NIST 800-171 compliance has some similarities to the Payment Card Industry Data Security Standard (PCI DSS).
We see the similarity in scoping. Under PCI DSS, if scoping is done poorly, a company's entire network may be in scope as the Cardholder Data Environment (CDE), which means PCI DSS requirements would apply uniformly throughout the entire company. In these scenarios, PCI DSS compliance can be prohibitively expensive or even technically impossible. However, when the network is intelligently designed with security in mind, the CDE can be a small fraction of the company's network, which makes compliance much more achievable and affordable.
We feel that NIST 800-171 should be viewed in the very same manner. This guide is meant to help companies identify assets within scope for NIST 800-171 and potentially find ways to minimize scope through isolation or controlled access.
Not Sure Where To Start With NIST 800-171 Compliance?
If you are not sure where to start, we put together a short video with some helpful guidance on how to get on the path to compliance with NIST 800-171.
If you want to learn more about NIST 800-171 requirements and how to minimize scoping, we recommend pouring yourself a cup of coffee and watching the video we put together.