Are You Ready for the NIST 800-171 Compliance Deadline?

With only a few weeks until the December 31 deadline, are you scrambling to comply with NIST 800-171? Here’s how DNS-based security can help.

With only a few weeks until the December 31 deadline, are you scrambling to comply with NIST 800-171? Here’s how DNS-based security can help. And if you’re doing business with the US government, the cybersecurity standards in NIST 800-53 and NIST 800-171 are crucial.

Derived from mandates in the Federal Information Security Modernization Act (FISMA), NIST 800-53 is a roadmap of cybersecurity best practices. The 500-page document covers everything from network settings to physical access to organizational procedures, all with an eye toward tightening up the entry points commonly used by bad actors.

Now, NIST 800-53 was originally designed for Federal agencies, so why should businesses care?

In a word: Leverage. The government has a keen interest in advancing cybersecurity and resilience across the US economy. Instead of imposing cybersecurity standards through regulation, the government is compelling the industry into acting on its own.

As a first step, the National Institute of Standards and Technology adapted NIST 800-53 into a parallel industry-facing document, NIST 800-171. The Department of Defense, GSA, and NASA have now changed their 2015 contracting rules to require that all businesses with access to government information are compliant with NIST 800-171 in order to do business with the government. This includes all direct contracts and subcontractors, which is a significant swath of the US economy.

The deadline for all Federal contractors to be compliant is December 31, 2017, or they risk losing their contracts.  Non-compliance must be reported to the agency CIO, who will object to any contract which fails to comply with the standard. This is only the beginning, as other Federal agencies are likely to require compliance with NIST 800-171 in the future.

There is no silver bullet for NIST 800-171 compliance. Its scope is too broad for any one piece of software or bureaucratic mechanism to cover. There are shortcuts, however.

Monitoring network traffic and imposing security policies on that traffic are a critical component of the NIST standards. While firewalls and boundary protection services fit the bill at a basic level, they are more about identifying symptoms rather than prescribing cures.

Businesses looking to move beyond mere compliance with the NIST standards and on to true control of their network have to look deeper into the everyday activity. As the lifeblood of any network interaction, DNS data offers a gold mine of insights to monitor all kinds of traffic (both internal and external) and can inform security policies even before that traffic reaches the network boundary.

With the compliance deadline fast approaching, it only makes sense for every business with government ties to re-evaluate its security posture. A DNS-based security system not only checks several boxes for NIST 800-171 but moves beyond it to improve resilience and readiness.


Published in:


An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Article

Network Device Configuration Standardization – Thoughts on Ethan Banks’ post

Ethan Banks has an interesting newsletter called The Hot Aisle. Worth following if you’re not familiar with it, basically the thoughts of a very…

Read more
Article

Gold Standard Configuration for Network Devices

  Network and security teams in large enterprises spend quite a bit of time defining their “Gold Standard Configuration” for network…

Read more
Article

Comparing Check Point’s SmartEvent and SmartReporter vs indeni

Check Point’s SmartEvent and SmartReporter blades have made quite some progress over the last two years. The database used for collecting log data has…

Read more
Article

NERC Compliance Best Practices for Critical Infrastructure Protection (CIP) v5

We have a number of US-based energy grid operators that are leveraging indeni’s capabilities to meet the NERC CIP v5 requirements, that are soon to be…

Read more