Anyone working on NIST SP 800-171 (Network and Information Security)?
The Elsmar Cove Business Systems and Standards Discussion Forums
Some Related Topic Tags
dfars (defense federal acquisition regulation supplement), dfars 252.204-7012 (information security), information security, network infrastructure, nist (nat'l institute of standards & technology), nist sp 800-171 - protecting controlled unclassified information
Post Number #1
6th March 2017, 06:44 PM
normzone
Total Posts: 680
Anyone working on NIST SP 800-171 (Network and Information Security)?

I think this is a dumb question, but while I'm researching the answer I thought I'd come to the hub of all knowledge and pose the question here.

I'm seeing some traffic in my inbox from multiple customers regarding compliance to NIST SP 800-171, so I'm assuming that some implementation target date is approaching. This standard appears (research in progress) to address network and information security in organizations.

Since we have big aerospace customers, who occasionally provide us source control drawings, and also our own proprietary data on our network, it seems logical that we would be required to observe at least rudimentary security precautions.

But somebody in my organization touched on this topic with a customer prior to my involvement and made the statement that the requirements do not apply to us since some of our products are publicly available. Before I go step on those toes (they are upstairs) I am doing my homework.

Anybody here dealing with the NIST SP 800-171 standard, or its big brother DFARS 252.204-7012?

As always, thank you so very much for participating in this forum.
Attached Files:
File Type: pdf NIST.SP.800-171-(June-2015).pdf (784.1 KB, 19 views)
File Type: pdf DFARS-252.204-7012-guide-2015.pdf (348.3 KB, 42 views)

Post Number #2
13th March 2017, 01:05 PM
Jeff.Patriot
Total Posts: 2
Re: Any one working on NIST SP 800-171 (network and information security)?

Actually, I just started my journey this morning.

December 31, 2017 is the deadline.
Post Number #3
28th March 2017, 07:55 AM
Jeff.Patriot
Total Posts: 2
Re: Anyone working on NIST SP 800-171 (Network and Information Security)?

Hi Norm,

I tried to answer your PM, but could not because I did not yet have enough posts. Therefore, I will answer here.

All I have had time to do is print out all of the requirements and list what we have in place that may or may not satisfy each item, sort of a "poor man's" gap analysis.

I do have a copy of the ISO/IEC 27001 standard as well. I need to find and download a comparison chart to see what ISO is lacking.

I set up a QMS a few years ago based on ISO 9001:2008, so I figured I would set up our ISMS based on ISO 27001 and grab any NIST leftovers at the end.

I am glad you had a survey to get you going. I'm in the weeds a bit myself. However, I have heard quite a few say they have gone the ISO way and that sounds feasible to me.

--Jeff
Attached Files:
File Type: pdf NIST.SP.800-171r1.pdf (807.2 KB, 13 views)
Post Number #4
26th April 2017, 04:55 PM
normzone
Total Posts: 680
Re: Anyone working on NIST SP 800-171 (Network and Information Security)?

Thank you Jeff -

I wanted to provide an update, and ask for further documentation if available.

Jeff is correct about the deadline. The website at nvd dot nist dot gov/800-53/Rev4/impact/LOW has a beautiful set of information regarding requirements for Low Impact suppliers, and plenty of good counsel in footnotes regarding interpretation, suggestions for waiver or overlap in applicable situations, etc.

It even breaks it down to three priority levels (Implement these first, then .... ) so that you could make a minimum task list out of it.

Which is how I am going to present it to top management. But it's all in separate linked pages. Rather than cut/paste this damn stuff all day, I'm trying (without success) to find a PDF or Word doc I can grab it all at one go in.

Anybody got any leads on one?

Thanks all -