NIST Compliance Assessment

The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST promotes their mission by developing special publications that are devoted to specific information security topic.

At Schneider Downs we have experience advising our clients using NIST guidance and frameworks such as:

  • NIST Cybersecurity Framework - Created through voluntary collaboration between industry and government, the Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
  • NIST 800-53 - This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations.
  • NIST 800-61 - This publication assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.
  • NIST 800-30 - This document provides guidance for carrying out each of the three steps in the risk assessment process (i.e., prepare for the assessment, conduct the assessment, and maintain the assessment) and how risk assessments and other organizational risk management processes complement and inform each other.
  • NIST 800-171 - This publication provides federal agencies with recommended requirements for protecting the confidentiality of Controlled Unclassified Information (CUI): (i) when the CUI is resident in nonfederal information systems and organizations; (ii) when the information systems where the CUI resides are not used or operated by contractors of federal agencies or other organizations on behalf of those agencies; and (iii) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or government wide policy for the CUI category or subcategory listed in the CUI Registry.
  • NIST 800-82 - This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements.

Schneider Downs NIST Assessment Approach

We begin our assessment by working closely with you to understand your business processes in order to understand the NIST special publication that best pertains to your organization . We will work with and interview key individuals within the business and information technology services responsible for compliance with the NIST special publication. We will evaluate your compliance with all control requirements through review of documentation supporting the operating effectiveness of controls. When our evaluation is complete, we will provide your organization with a detailed compliance assessment report outlining corrective action plans with a detailed roadmap for achieving NIST compliance.

case studies

 
big problem:
Ransomware attack halted a global manufacturer's operations.
big thinking:
Recover and secure the system – fast – save $1 million in ransom.
 
big problem:
High tax burden for family-owned franchisor.
big thinking:
Comprehensive planning for a 15% tax reduction.

our thoughts on

Ransomware Still a Growing Problem for Organizations of All Sizes

While the concept of malware-based extortion has remained relatively unchanged since the first documented occurrence in 1989, attackers have spent the

read more >

Application to Receive Funding for On-Road and Class 8 Fleet Vehicle Projects in Pennsylvania Now Available!

As you know from our previous articles (Volkswagen Environmental Mitigation Trust Fund), Volkswagen is obligated to fund various environmental trusts for

read more >

Financial Fitness: Setting SMART Goals

This article was originally published in Wedgewood Life magazine and is reprinted with their permission. Happy New Year! As the calendar flips and a New

read more >

Good News Regarding Excess Business Losses For Your Pass-Through Construction Business

If you own a construction business, you know all too well that one or more bad contracts can make or break the financial results for the year. If you were

read more >

Financial Fitness - Are my personal finances on the right track?

This article was originally published in Wedgewood Life magazine and is reprinted with their permission. This is a frequently asked question by my clients

read more >

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office
Pittsburgh

One PPG Place, Suite 1700
Pittsburgh, PA 15222

contactsd@schneiderdowns.com
p:412.261.3644     f:412.261.4876

Map of Columbus Office
Columbus

65 East State Street, Suite 2000
Columbus, OH 43215

contactsd@schneiderdowns.com
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102