Secure YOUR Data Against Data Breaches.
To proactively secure data and address the risk of data breaches in your business, both Valeo Networks and industry regulators recommend developing a comprehensive cybersecurity program that incorporates steps from the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The critical steps of the NIST framework are to identify threats, protect assets, detect compromises, and plan for a response and recovery in the event of a cybersecurity incident.
Is your Cybersecurity Framework NIST Compliant?
“It’s really framework first. It’s incredibly important today, in this dynamic threat environment, that organizations build an elastic cybersecurity strategy that can grow and expand continuously to mitigate that risk that they face and the framework does exactly that.”—Ed Cabrera, Trend Micro Chief Cybersecurity Officer, (NIST Framework as a Foundation)
NIST controls help an organization assess its cybersecurity risk at a high level. By following these steps, organizations will be able to incorporate many risk management elements unique to their business to create a comprehensive cybersecurity program. The first step an organization should take is to identify and assess its risks regarding systems, assets, data, processes and personnel. The protect step encompasses information and system assets, encryption, employee devices and controls, and staff training. The detection step outlines activities such as penetration testing and intrusion that help to identify vulnerabilities to a data breach incident. In the event of a cybersecurity event, a response plan provides for activities to contain the impact, analyze the event and mitigate any further damage. Finally, the recovery step involves maintenance and restoration activities for getting business operations back to normal after an incident.
NIST Compliance for Government Contractors
If you’re a government contractor processing, storing or transmitting federal contract data, the Defense Federal Acquisition Regulation Supplement (DFARS) mandates minimum security standards in the NIST Special Publication 800-171 “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations.” Companies that deal with controlled unclassified information (CUI) must comply with NIST 800-171, which specifically provides guidance for non-federal information systems to secure government data.
Any company working with federal contract information must provide evidence of security protections and compliance or risk the loss of contract awards and the ability to compete for future awards. Government contractors or subcontractors must demonstrate “adequate security” as specified by NIST 800-171 and have cyber-incident policies and procedures in place that meet the DFARS requirements.
In 2019, Department of Defense (DoD) announced the implementation of the Cybersecurity Maturity Model Certification (CMMC), which ranks contractors based on their cyber hygiene and is based on the NIST 800-171 framework. Beginning in 2020, the CMMC will be a requirement for all DoD contractors to be able to participate in RFIs and bid on RFPs.
NIST for Financial Services
The Securities Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) also recommend that financial services and banking sectors implement a comprehensive cybersecurity program that includes steps from the NIST Cybersecurity Framework. These regulators recommend following the best practices of annual risk assessment, incident management, annual pen testing, log management, review and retention.
NIST for Industry and Manufacturing
Depending on the manufacturing industry, most businesses need to demonstrate compliance with NIST 800-171, FDA GMP, EPA, ISO or SEC regulations, which require technical controls, pen testing, audits, system validations, electronic signatures and documentation for software and systems involved in processing electronic data. Implementing a comprehensive cybersecurity program using the technical NIST controls will ensure manufacturers keep data secure within their plant operations while meeting compliance regulations.
Valeo Networks has been NIST 800-171 compliant since December 2017. Achieving NIST 800-171 compliance requires diving deep into networks and procedures to make sure appropriate security procedures are properly addressed. Valeo Networks continues to evaluate its networks, procedures and process to ensure compliancy.
Compliance for Every Business
The NIST Framework uses many of the Top 20 Center for Internet Security (CIS) Critical Security Controls (CSC) as its baseline for its best practice recommendations. The CIS CSC are compatible with various industry-specific regulations such as HIPAA, FISMA and PCI DSS. For any business or industry, large or small, a vulnerability assessment test will help an organization determine compliance with all relevant regulations. Valeo Networks provides the security risk assessments and the expertise to meet stringent administrative, technical and physical controls necessary to be both compliant and cyber-secure.
Start Your Journey
Make your IT matter and start your collaboration with Valeo Networks