NIST Compliance

The National Institute of Standards & Technology (NIST) is a United States government agency, under the Department of Commerce, that promotes industry competitiveness in all nationally important areas, from communications and cybersecurity to advanced manufacturing and disaster resilience. NIST provides standards and guidelines for the federal government. The Special Publication (SP) 800-series gives government agencies additional guidance, recommendations and technical specifications on cybersecurity activities, supporting the security and privacy of federal government information and information systems.

NIST SP 800-171

The NIST SP 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” document was first published in December 2016 to provide guidance for government agencies looking to protect sensitive unclassified federal information that is housed in nonfederal systems and environments. Controlled Unclassified Information (CUI) is considered sensitive and relevant information about the U.S. that is to be protected from public disclosure. Any organization that stores or transmits CUI for any federal or state agency must comply with NIST SP 800-171, including contractors and third-party vendors. The document was updated in June 2018; the update clarifies the role of third parties in data breach incidents and gives guidance on the types of data to protect and how to apply those protections.

NIST Compliance

NIST SP 800-171 includes 14 security requirement families, including: Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Identification and Authentication; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; System and Communications Protection; System and Information Integrity.

How Untangle Helps

Untangle’s NG Firewall solution keeps the network safe and secure from cyberattacks by inspecting all network traffic, by finding and blocking harmful malware and access to websites and applications, and by controlling access to network resources. Untangle specifically helps organizations meet the following requirements of NIST SP 800-171:

  • Access Control – Untangle ensures only authorized users are able to access certain types of information by creating separate networks to route network resources, devices, or users as needed, and by enforcing user authentication in order to access network resources.

  • Audit and Accountability – Untangle has extensive logs and reporting to easily review historical logs and events on network activity. The logs and reports can be utilized for real-time monitoring as well as investigative purposes if an incident occurs.

  • Identification and Authentication – Untangle can enforce that all users must authenticate/identify themselves before accessing the network, applications or resources.

  • System and Communications Protection – Untangle can create sub-networks to separate publicly accessible network components from internally accessible ones. With Untangle’s integrated rules engine (IRE), block rules can be set at the firewall level and applications and protocols can be blocked. Untangle can force user authentication in order to access the network and set a time period after which users must re-authenticate.

  • System and Information Integrity – Untangle’s Virus Blocker app blocks malware in real-time to protect against emerging threats. The app is able to identify and block zero-day threats, viruses, worms, Trojan horses, botnets, unknown malware, and new infections. All files that are downloaded from websites or emails are scanned to ensure only safe files are allowed onto the network. Untangle constantly monitors inbound and outbound network traffic, taking a multi-layered approach to ensure that attacks are flagged and/or blocked.

Additionally, Untangle allows IT administrators to set up different policies for different types of users. For example, only HR employees could be allowed to access certain things on the network. Untangle helps federal, state and non-governmental agencies meet NIST SP 800-171 compliance through its powerfully simple, all-in-one network security solution. Test it out today on our live demo server or download a free trial.