
Question

How does Unanet help support your NIST SP 800-171 Compliance Goals?

Solution

The Unanet team assures our Cloud customers that our Cloud environment will provide the basis for your compliance with the NIST requirements.

Government contractors who store Controlled Unclassified Information (CUI) in non-Federal systems are required by DFARS 252.204-7008 to comply with NIST SP 800-171 by December 31, 2017. Data in a government contractor’s project management and accounting system is considered CUI and the accounting system will be subject to the cyber security requirements of NIST Standard 800-171.

We have tracked the requirement closely as the December 31, 2017 deadline approaches. Unanet successfully undergoes annual SOC 2 audits. Our cloud managed services provider is mapping the requirements not only for NIST SP 800-171 but also for NIST SP 800-53 compliance in the case of Controlled Defense Information (CDI) stored in cloud systems.

This page discusses a number of the NIST requirements which relate to:

Multi-Factor Authentication

To support individual customers' requirements for multi-factor authenticated access, both to Unanet and to other information systems that contain CUI, Unanet integrates with leading providers of Identity and Access Management (IAM) tools such as OneLogin, Duo and Okta, and with other providers via SAML.


Identification & Authentication Controls

IAM vendors, such as those identified above, include robust capabilities related to login management, password complexity and password reuse that satisfy the relevant NIST Controls.

Prompt Cyber Incident Reporting

Customers using Unanet’s cloud offering will be notified of any unauthorized intrusion.

Data Encryption

The requirements for data encryption are met through the following:

  • Use of SSL
  • Availability of the Unanet cloud platform in a FedRAMP Moderate environment that uses data encryption at rest. Contact your Customer Success Manager for more information.


U.S. Based Hosting

Unanet software is hosted in AWS US East-West, which has been granted a Joint Authorization Board Provisional Authority-To-Operate (JAB P-ATO) and multiple Agency Authorizations (A-ATO) for FedRAMP moderate impact level.


U.S. Based Development and Support

All Unanet software is developed and supported in the United States, and exclusively by U.S. Persons.

This is in contrast to other industry ERP software developed and supported in countries known to conduct state-sponsored hacking of US organizations.

More guidance on the NIST SP 800-171 requirements is available here, including NIST 800-171a on Assessing Security Requirements for Controlled Unclassified Information, and a CUI SSP Template: https://csrc.nist.gov/publications/detail/sp/800-171a/final

For more information on NIST SP 800-171 requirements, see the webinar hosted by Unanet and Telos.


Additional Information

NIST Special Publication

Unanet Webinar on NIST, hosted by Unanet and Telos

Unanet - NIST Compliance White Paper

NIST 800-171a on Assessing Security Requirements for Controlled Unclassified Information / CUI SSP Template


