© 2021 RSM US LLP. All rights reserved.
NIST Compliance Services
Assure alignment with the National Institute of Standards and Technology
NIST 800-30 Risk Assessment
Historically used by governmental agencies, this National Institute of Standards and Technology (NIST) 800-30 risk assessment is being adopted by more commercial entities to build their risk management programs. Organizations looking to fully understand their risk profile or organizations performing government work would benefit from such an assessment.
A NIST 800-30 risk assessment is widely used by U.S. governmental agencies, subcontractors and organizations that work for government clients. It can meet requirements set forth by federal agencies, as well as provide direction on where to direct security efforts. A NIST 800-30 risk assessment is also a key component of alignment and compliance with the Federal Information Security Management Act (FISMA). The NIST 800-30 risk assessment provides a risk management framework that shows an organization’s commitment to sound, industry-recognized security practices.
As part of a NIST 800-30 risk assessment, RSM will provide an independent view of infrastructure and application security risks faced by your company, along with actionable recommendations on how to mitigate those risks. The results of such an assessment help organizations put programs in place that support ongoing risk identification and remediation. It further lays the groundwork for the development of key risk indicators and management risk dashboards, so that organizations can make informed decisions.
RSM in Action
RSM recently used the NIST framework to help an energy company develop a strategic cybersecurity road map with specific tactical solutions.
NIST 800-171 Assessment
Organizations that work with federal agencies—such as contractors, subcontractors and service providers—often handle controlled unclassified information (CUI), controlled technical information (CTI) and covered defense information (CDI). While this information is not classified, NIST 800-171 security requirements dictate that it must still be protected when held in nonfederal systems. Therefore, organizations that process, store or transmit CUI, CTI or CDI must adhere to the information security requirements defined in National Institute of Standards and Technology (NIST) 800-171, which can be complex and carry significant noncompliance penalties.
With RSM’s assistance, understanding NIST 800-171 and aligning your information security posture becomes a manageable task. Our NIST 800-171 advisory services help you build a repeatable, efficient process for achieving and sustaining compliance. This helps assure federal clients that you protect CUI, CTI and CDI in nonfederal systems, helping you maintain current and win new government contracts.
NIST 800-171 has become the formal security benchmark for protecting CUI, CTI and CDI. RSM’s NIST 800-171 advisory services help you identify areas of noncompliance, remediate gaps and strengthen your overall information security posture. Our experienced advisors can assist your organization at any stage of designing and implementing your information security program, thereby helping you pursue the most cost-effective approach for protecting your confidential information and assets.