Anyone working on NIST SP 800-171 (Network and Information Security)?

normzone

Trusted Information Resource
#1
I think this is a dumb question, but while I'm researching the answer I thought I'd come to the hub of all knowledge and pose the question here.

I'm seeing some traffic in my inbox from multiple customers regarding compliance to NIST SP 800-171, so I'm assuming that some implementation target date is approaching. This standard appears (research in progress) to address network and information security in organizations.

Since we have big aerospace customers, who occasionally provide us source control drawings, and also our own proprietary data on our network, it seems logical that we would be required to observe at least rudimentary security precautions.

But somebody in my organization touched on this topic with a customer prior to my involvement and made the statement that the requirements do not apply to us since some of our products are publicly available. Before I go step on those toes (they are upstairs) I am doing my homework.

Anybody here dealing with the NIST SP 800-171 standard, or its big brother DFARS 252.204-7012?

As always, thank you so very much for participating in this forum.

Jeff.Patriot

#2
Re: Anyone working on NIST SP 800-171 (network and information security)?

Actually, I just started my journey this morning.

December 31, 2017 is the deadline.

Jeff.Patriot

#3
Hi Norm,

I tried to answer your PM, but could not because I did not yet have enough posts. Therefore, I will answer here.

All I have had time to do is print out all of the requirements and list what we have in place that may or may not satisfy each item, sort of a "poor man's" gap analysis.

I do have a copy of the ISO/IEC 27001 standard as well. I need to find and download a comparison chart to see what ISO is lacking.

I set up a QMS a few years ago based on ISO 9001:2008, so I figured I would set up our ISMS based on ISO 27001 and grab any NIST leftovers at the end.

I am glad you had a survey to get you going. I'm in the weeds a bit myself. However, I have heard quite a few say they have gone the ISO way and that sounds feasible to me.

--Jeff

normzone

Trusted Information Resource
#4
Thank you Jeff -

I wanted to provide an update, and ask for further documentation if available.

Jeff is correct about the deadline. The website at nvd.nist.gov/800-53/Rev4/impact/LOW has a beautiful set of information regarding requirements for Low Impact suppliers, and plenty of good counsel in footnotes regarding interpretation, suggestions for waiver or overlap in applicable situations, etc.

It even breaks it down to three priority levels (Implement these first, then .... ) so that you could make a minimum task list out of it.

Which is how I am going to present it to top management. But it's all in separate linked pages. Rather than cut/paste this damn stuff all day, I'm trying (without success) to find a PDF or Word doc I can grab it all in at one go.

Anybody got any leads on one?

Thanks all -
#5
Hi all,
We're a small UK-based machine shop. I'm a little late on the uptake of this one, but better late than never, right?
We have firewalls, anti-malware and antivirus software and all that good stuff in place, but the requirements of NIST SP 800-171 seem to go much further than this. Thanks for the info in the posts so far, but I wondered if anyone had found any simple, effective ways / solutions for implementing the requirements needed here?


Regards
Lee