National Institute of Standards and Technology (NIST)

National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology is a physical sciences laboratory and non-regulatory agency of the United States Department of Commerce. Its mission is to promote American innovation and industrial competitiveness.

From the smart electric power grid and electronic health records to atomic clocks, advanced nanomaterials, and computer chips, innumerable products and services rely in some way on technology, measurement, and standards provided by the National Institute of Standards and Technology.

Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

What is NIST Compliance?

The NIST is a key resource for technological advancement and security at many of the country’s most innovative organizations. As such, compliance with NIST standards and guidelines has become a top priority in many high tech industries today.

Generally speaking, NIST guidance provides the set of standards for recommended security controls for information systems at federal agencies. These standards are endorsed by the government, and companies comply with NIST standards because they encompass security best practices controls across a range of industries – an example of a widely adopted NIST standard is the NIST Cybersecurity Framework. NIST standards are based on best practices from several security documents, organizations, and publications, and are designed as a framework for federal agencies and programs requiring stringent security measures.

In many cases, complying with NIST guidelines and recommendations will help federal agencies ensure compliance with other regulations, such as HIPAA, FISMA, or SOX. NIST guidelines are often developed to help agencies meet specific regulatory compliance requirements. For example, NIST has outlined nine steps toward FISMA compliance:

NIST Compliance Checklist

  1. Categorize the data and information you need to protect

  2. Develop a baseline for the minimum controls required to protect that information

  3. Conduct risk assessments to refine your baseline controls>

  4. Document your baseline controls in a written security plan

  5. Roll out security controls to your information systems

  6. Once implemented, monitor performance to measure the efficacy of security controls

  7. Determine agency-level risk based on your assessment of security controls

  8. Authorize the information system for processing

  9. Continuously monitor your security controls

The initial benefit of NIST compliance is that it helps to ensure an organization’s infrastructure is secure. NIST also lays the foundational protocol for companies to follow when achieving compliance with specific regulations such as HIPAA or FISMA. It’s important to keep in mind, however, that complying with NIST is not a complete assurance that your data is secure. That’s why NIST guidelines begin by telling companies to inventory their cyber assets using a value-based approach, in order to find their most sensitive data and prioritize protection efforts around it.

To learn more information on how to get your business NIST compliant feel free to contact us today!

Stay safe out there -Attila