National Institute of Standards and Technology (NIST)
Ensure patient health data is safe with the latest security technologies and sophisticated risk management practices.
Which Regulations Matter for Your Organization?
The National Institute of Standards and Technology (NIST) has published the final version of its guidance for federal agencies to ensure that sensitive federal information remains confidential when stored in nonfederal information systems and organizations.
Contractors routinely process, store and transmit sensitive federal information to assist federal agencies in carrying out their core missions and business operations. Federal information is also shared with state and local governments, universities and independent research organizations.
To keep this information secure, Executive Order 13556 established the Controlled Unclassified Information (CUI) Program to standardize the way the executive branch handles unclassified information that requires protection, such as personally identifiable information. The National Archives and Records Administration (NARA) administers the program. Information that qualifies as “controlled unclassified information” is defined by NARA in the CUI Registry, an extensive list of executive branch information that requires controls based on laws, regulations or government-wide policies.
What to know about the NIST Rule:
Generally speaking, NIST guidance provides the set of standards for recommended security controls for information systems at federal agencies. These standards are endorsed by the government, and companies comply with NIST standards because they encompass best-practice security controls across a range of industries – an example of a widely adopted NIST standard is the NIST Cybersecurity Framework. NIST standards are based on best practices drawn from several security documents, organizations, and publications, and are designed as a framework for federal agencies and programs requiring stringent security measures.
What You Need to Do - and How MDS Can Help:
In many cases, complying with NIST guidelines and recommendations will help federal agencies ensure compliance with other regulations, such as HIPAA, FISMA, or SOX. NIST guidelines are often developed to help agencies meet specific regulatory compliance requirements. For example, NIST has outlined nine steps toward FISMA compliance:
- Categorize the data and information you need to protect
- Develop a baseline for the minimum controls required to protect that information
- Conduct risk assessments to refine your baseline controls
- Document your baseline controls in a written security plan
- Roll out security controls to your information systems
- Once implemented, monitor performance to measure the efficacy of security controls
- Determine agency-level risk based on your assessment of security controls
- Authorize the information system for processing
- Continuously monitor your security controls