NIST 800-171 Compliance for Higher Education
Date published: 07 Jun 2022
With the number of cyber security attacks ever increasing, regulatory requirements from the federal government are also increasing to match them. One of the central requirements is NIST 800-171. The National Institute of Standards and Technology (NIST) introduced NIST 800-171 as a list of cybersecurity controls to protect controlled and sensitive, but unclassified, government information handled by federal contractors and other organizations working with the US government.
Education Sector and cyber security compliance
In December 2020 Federal Student Aid Office within the US Department of Education issued a notice that put NIST 800-171 at the heart of its post-secondary education cyber security plans.
For departments carrying out research on behalf the US government, or receiving federal funding, for example as part of a NASA program, there is also a requirement to protect CUI (controlled unclassified information) and for those carrying out research for the US Department of Defense, there may be further requirements to comply with CMMC. NIST 800-171 is a fundamental part of version 2.0 of the CMMC the framework.
So, complying with NIST 800-171 is likely to be necessary for at least part of IT networks on (and possibly off) campus. For more about the NIST 800-171 controls and the requirements, visit our guide.
Security from compliance
But the key driver behind compliance should be to improve the security posture of your entire network and not just a tick box exercise, carried out just to meet requirements. Rather, carried out properly, compliance can be the route to a more secure network.
The fundamentals remain the same – you need to get the basics right and ensure your cyber hygiene is maintained, from keeping on top of patching, to identifying misconfigurations within your network, to minimize the critical vulnerabilities as part of a baseline protection.
But manually auditing every device in a network can be a time-consuming process, leading to sampling or infrequent audits.
That’s where Titania Nipper comes in.
It’s unique virtual modelling of individual devices allows it to ingest configurations files, either by accessing the device config files directly or through uploading them and then virtually modeling the device based off of the config, providing an assessment of any misconfigurations identified. The assessment can save up to three hours per device.
These are then output into either a json file or an easy-to-read html report, which gives an automated compliance assessment for 89% of NIST 800-171 network controls. If you’re establishing a baseline and route to compliance, its risk-based prioritization of these findings allows you to choose which issues to tackle first, and the remediation advice includes exact technical fixes where possible. If you are undergoing an assessment, then the report is in a format that can easily be passed over to an assessor.
Try it today and see how you can quickly and accurately automate the assessment of 89% of NIST 800-171 network controls.