Progressing to NIST 800/ISM for Defence Supply Chain activities

Hardening Data Security in the Defence Supply Chain

In 2018, Defence Primes began communicating a simple but profound message to their supply chains: “Data Security is The New Black”.

From 2019 onwards, contractors may be compelled to meet the stringent security standards of the Information Security Manual, or NIST 800-171.

The ability to demonstrate an improved data security posture, relevant to these standards, will increasingly be a discriminator in contract negotiations with Primes.

What is Controlled Unclassified Information (CUI)?

Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies.

What is NIST 800-171?

As computing platforms and technologies are ubiquitously deployed worldwide and systems and components are increasingly interconnected through wired and wireless networks, the susceptibility of Controlled Unclassified Information (CUI) to loss or compromise grows.

The purpose of NIST 800-171 is to provide federal agencies with recommended security requirements for protecting the confidentiality of CUI when the CUI resides in non-federal information systems and organizations, such as contractors.

How can e-Safe Compliance help companies comply with NIST 800-171? 

NIST 800-171 organises the security requirements into fourteen families. The chart below lists the families and highlights in red each family that is either fully or partially managed by e-Safe Compliance. The chart also highlights the families where e-Safe Compliance is not applicable.


OK, but HOW do I take my organisation from a low security posture to a higher one?

Security compliance is an ongoing process. To help organisations navigate it, e-Safe have created a framework. It is called:

Insider Threat Mitigation Maturity Framework
