The Deadline for NIST SP800-171 Compliance is Fast Approaching What Does This Mean for Your Business?

RequestInformation
ymassard@hidglobal.com's picture

The US Federal government has been working to dramatically improve its security posture over the last 2 years.  As it approaches this from a holistic standpoint, the US Federal government is starting to require Federal contractors to improve their own security posture as well.  This is evidenced by the Federal Acquisition Rule (FAR) 52.204-21 “Basic Safeguarding of Covered Contractor Information Systems”, which mandates several requirements for Federal contractors that have information systems that process, store, or transmit Federal contract information, including authenticating and controlling who has access to that information. 

This is also evidenced by NIST SP800-171, which requires contractors who have access to federal Controlled Unclassified information to implement specific security controls, including identity proofing, multi-factor authentication, physical access control, and encryption.  The federal government has set a deadline for December 2017, after which contractors risk losing their US Federal contract if they do not comply.

Contractors can vary from a small business with a few employees to a multinational corporation with tens or hundreds of thousands of employees. 

  • For contractors simply looking to protect remote access to their networks and web applications, there are mobile device-based push authentication solutions that provide compliance and convenience.  The HID Approve solution delivers a balance between security and usability by providing next generation two-factor authentication and verification with the convenience of mobile push notifications.
  • For the larger contractors that need more, there are compliant solutions that can assist in getting rid of Active Directory passwords, encrypting laptops and providing converged access badges with identity proofing, all which significantly increase businesses’ level of security.  HID PIV has taken the technology that the US Federal government deployed, and packaged it in way that is significantly faster and more affordable to deploy, and supported by a single vendor.

The deadline for compliance is approaching fast, and HID Global can help you meet these mandates with a solution that best meets your unique requirements.  Don’t risk not being compliant with Federal mandates by choosing the wrong solution.  To find a solution to simplify your compliance, browse the range of Identity & Access Management Solutions from HID Global.