Are You Ready for the NIST 800-171 Compliance Deadline?

With only a few weeks until the December 31 deadline, are you scrambling to comply with NIST 800-171? Here’s how DNS-based security can help.

With only a few weeks until the December 31 deadline, are you scrambling to comply with NIST 800-171? Here’s how DNS-based security can help. And if you’re doing business with the US government, the cybersecurity standards in NIST 800-53 and NIST 800-171 are crucial.

Derived from mandates in the Federal Information Security Modernization Act (FISMA), NIST 800-53 is a roadmap of cybersecurity best practices. The 500-page document covers everything from network settings to physical access to organizational procedures, all with an eye toward tightening up the entry points commonly used by bad actors.

Now, NIST 800-53 was originally designed for Federal agencies, so why should businesses care?

In a word: Leverage. The government has a keen interest in advancing cybersecurity and resilience across the US economy. Instead of imposing cybersecurity standards through regulation, the government is compelling the industry into acting on its own.

As a first step, the National Institute of Standards and Technology adapted NIST 800-53 into a parallel industry-facing document, NIST 800-171. The Department of Defense, GSA, and NASA have now changed their 2015 contracting rules to require that all businesses with access to government information are compliant with NIST 800-171 in order to do business with the government. This includes all direct contracts and subcontractors, which is a significant swath of the US economy.

The deadline for all Federal contractors to be compliant is December 31, 2017, or they risk losing their contracts.  Non-compliance must be reported to the agency CIO, who will object to any contract which fails to comply with the standard. This is only the beginning, as other Federal agencies are likely to require compliance with NIST 800-171 in the future.

There is no silver bullet for NIST 800-171 compliance. Its scope is too broad for any one piece of software or bureaucratic mechanism to cover. There are shortcuts, however.

Monitoring network traffic and imposing security policies on that traffic are a critical component of the NIST standards. While firewalls and boundary protection services fit the bill at a basic level, they are more about identifying symptoms rather than prescribing cures.

Businesses looking to move beyond mere compliance with the NIST standards and on to true control of their network have to look deeper into the everyday activity. As the lifeblood of any network interaction, DNS data offers a gold mine of insights to monitor all kinds of traffic (both internal and external) and can inform security policies even before that traffic reaches the network boundary.

With the compliance deadline fast approaching, it only makes sense for every business with government ties to re-evaluate its security posture. A DNS-based security system not only checks several boxes for NIST 800-171 but moves beyond it to improve resilience and readiness.


Published in:


An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Micetro_ Hybrid Cloud Integration Blog

Micetro simplifies hybrid cloud DNS and IP address management

Learn how Micetro can help you simplify and streamline DNS and IP address management across hybrid and multicloud environments.

Read more
Three operational reasons to drop legacy tools and unify your DDI

Three operational reasons to drop legacy tools and unify your DDI

Learn with BlueCat how visibility and control, process automation, and infrastructure reliability offer three reasons to adopt Unified DDI.

Read more
Micetro_ Simplify Microsoft DNS_ DHCP_ and Active Directory Sites Management

Simplify Microsoft DNS, DHCP, and Active Directory with Micetro

Learn how Micetro makes it easy to administer Microsoft DNS, DHCP, and Active Directory sites and subnets and manage your DDI environment.

Read more
Get insight into your DDI environment with Live DDI Analytics

Get insight into your DDI environment with Live DDI Analytics

Enroll in our technology preview today to use the Live DDI Analytics tool to get real-time reports and analysis for your DDI environment.

Read more