Are You Ready for the NIST 800-171 Compliance Deadline?

With only a few weeks until the December 31 deadline, are you scrambling to comply with NIST 800-171? Here’s how DNS-based security can help.


December 12, 2017

With only a few weeks until the December 31 deadline, are you scrambling to comply with NIST 800-171? Here’s how DNS-based security can help. And if you’re doing business with the US government, the cybersecurity standards in NIST 800-53 and NIST 800-171 are crucial.

Derived from mandates in the Federal Information Security Modernization Act (FISMA), NIST 800-53 is a roadmap of cybersecurity best practices. The 500-page document covers everything from network settings to physical access to organizational procedures, all with an eye toward tightening up the entry points commonly used by bad actors.

Now, NIST 800-53 was originally designed for Federal agencies, so why should businesses care?

In a word: Leverage. The government has a keen interest in advancing cybersecurity and resilience across the US economy. Instead of imposing cybersecurity standards through regulation, the government is compelling the industry into acting on its own.

As a first step, the National Institute of Standards and Technology adapted NIST 800-53 into a parallel industry-facing document, NIST 800-171. The Department of Defense, GSA, and NASA have now changed their 2015 contracting rules to require that all businesses with access to government information are compliant with NIST 800-171 in order to do business with the government. This includes all direct contracts and subcontractors, which is a significant swath of the US economy.

The deadline for all Federal contractors to be compliant is December 31, 2017, or they risk losing their contracts.  Non-compliance must be reported to the agency CIO, who will object to any contract which fails to comply with the standard. This is only the beginning, as other Federal agencies are likely to require compliance with NIST 800-171 in the future.

There is no silver bullet for NIST 800-171 compliance. Its scope is too broad for any one piece of software or bureaucratic mechanism to cover. There are shortcuts, however.

Monitoring network traffic and imposing security policies on that traffic are a critical component of the NIST standards. While firewalls and boundary protection services fit the bill at a basic level, they are more about identifying symptoms rather than prescribing cures.

Businesses looking to move beyond mere compliance with the NIST standards and on to true control of their network have to look deeper into the everyday activity. As the lifeblood of any network interaction, DNS data offers a gold mine of insights to monitor all kinds of traffic (both internal and external) and can inform security policies even before that traffic reaches the network boundary.

With the compliance deadline fast approaching, it only makes sense for every business with government ties to re-evaluate its security posture. A DNS-based security system not only checks several boxes for NIST 800-171 but moves beyond it to improve resilience and readiness.

Published in:

An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

Deepen your security insight with Infrastructure Assurance 8.3

BlueCat Infrastructure Assurance 8.3, with an enhanced analytics dashboard, including interactive widgets and top 10 alerts, is now available.

Read more

Security, automation, cloud integration keys to DDI solution success

Only 40% of enterprises believe they are fully successful with their DDI solution. Learn how to find greater success with new research from EMA and BlueCat.

Read more

Our commitment to Micetro customers and product investment

From CEO Stephen Devito, a word on BlueCat’s ongoing commitment to supporting Micetro customers and Micetro’s evolution as a network management tool.

Read more

Seven reasons to rethink firewall monitoring and boost automation 

With BlueCat Infrastructure Assurance, you can better protect your network with automated alerts and suggested remedies for hidden issues in your firewalls.

Read more