The National Institute of Standards and Technology (NIST) has issued important requirements for contractors who handle Controlled Unclassified Information (CUI). These requirements have been developed to ensure that sensitive Federal information remains confidential when stored in and unclassified environment. Here are some of our NIST offerings:
Access control is a process of granting or denying specific requests to obtain and use information as well as entering specific physical facilities.
AWARENESS & TRAINING
We educate users to create awareness and urgency of security by using a multidisciplinary study of concepts, issues, and principles.
We provide guidelines for responsible management and administration of the security of federal information systems and associated environments.
IDENTIFICATION & AUTHENTICATION
We will employ passwords or tokens to authenticate user identities, or multifactor authentication, or some combination thereof.
We will establish policy and procedures for the effective implementation of selected security controls and control enhancements.
It is necessary to verify and enforce physical access and maintain access audit logs, in addition to securing physical devices including keys and combinations.
Learn where your vulnerabilities lie; we’ll assess your company and provide an actionable plan to ensure your compliance.
We will evaluate your security controls in place currently, against the NIST standards and establish new policies and procedures as deemed relevant.
SYSTEM & INFORMATION INTEGRITY
This establishes a system for managing risks from system vulnerabilities, it will implement best practices for security, risk, and protection.