Cybersecurity regulations from the Washington, DC-based National Institute of Standards and Technology (NIST) are built to provide flexibility for organizations, something that is proving invaluable when it comes to protecting critical infrastructure. In today's complex cybersecurity environment, technology advisors who can help businesses simplify security practices without sacrificing data protection can make NIST compliance much easier to handle, and this process begins with understanding your specific security needs.
Simplifying regulatory compliance is essential
A study from the NIST found that businesses are facing a major threat from their own employees, but it may not be the risk you are expecting. While insider threats, negligence and similar problems are still present among today's enterprise users, the study found that the greater issue is that of cybersecurity fatigue. Brian Stanton, co-author of the study, pointed out that people have grown so fatigued by the need to keep up with cybersecurity issues that many are tuning out. Another co-author, Mary Theofanos, explained that the sheer scale of security practices to track is causing problems.
"Years ago, you had one password to keep up with," said Theofanos. "Now people are being asked to remember 25 or 30. We haven't really thought about cybersecurity expanding and what it has done to people."
NIST and keeping compliance simple
As people become overwhelmed by cybersecurity complexity, simplifying standards is becoming incredibly important. The NIST regulations have already taken steps in this direction, and those strategies are paying off. A survey, which was recently posted on Government Computing News, found that approximately 82 percent of government agencies have adopted NIST standards in some form as they work to protect their data. One of the major reasons for such a high rate of success is that the standards are not mandatory yet, allowing agencies to pick and choose which best practices to follow based on their specific needs. That said, the Department of Defense has given contractors until December 31, 2017 to fully implement all NIST SP 800-171 controls on covered contractor information systems, and many government contractors in the Washington, DC metro area and beyond are struggling to comply. While the requirements have not yet been adopted across the federal government for non-defense-related contracts, many others, including higher education institutions, are being proactive.
Taking full advantage of what the NIST has to offer
Everyday office workers aren't the only ones who may be facing security and regulatory compliance fatigue. IT teams are facing a constant onslaught of new attack vectors, sources of risk and malware types. Change is so constant that it is easy to get burnt out trying to keep up, especially when companies are asked to deal with regulatory laws that don't necessarily apply to every phase of their business.
Organizations that want to leverage NIST standards to improve their security capabilities have an opportunity to mix and match the best practices available to ensure they find the right fit for their specific needs. Technology consultants can simplify the path to compliance, giving companies the combination of advice and access to compliant third-party providers that allows them to capitalize on what NIST regulations can offer and make the best choices.
If you aren’t sure you want to build for NIST compliance, ARG can connect you with compliant solutions to fit your organization’s requirements.
If you have questions about NIST or security, email email@example.com for additional resources and information.