How does Unanet help support your NIST SP 800-171 Compliance Goals?
The Unanet team assures our Cloud customers that our Cloud environment will provide the basis for your compliance with the NIST requirements.
Government contractors who store Controlled Unclassified Information (CUI) in non-Federal systems are required by DFARS 252.204-7008 to comply with NIST SP 800-171 by December 31, 2017. Data in a government contractor’s project management and accounting system is considered CUI and the accounting system will be subject to the cyber security requirements of NIST Standard 800-171.
We have stayed on the pulse of the requirement as the December 31, 2017 deadline approaches. Unanet successfully undergoes annual SOC 2 audits. Our cloud managed services provider is mapping the requirements not only for NIST SP 800-171 but also for NIST SP 800-53 compliance in the case of Controlled Defense Information (CDI) stored in cloud systems.
This page discusses a number of the NIST requirements which relate to:
To deliver robust support for individual customers' requirements for multi-factor authenticated access to both Unanet and other information systems that contain CUI, Unanet integrates with leading providers of Identity and Access Management (IAM) tools such as OneLogin, Duo and Okta, and with other providers via SAML.
Identification & Authentication Controls
IAM vendors, such as those identified above, include robust capabilities related to login management, password complexity and password reuse that satisfy the relevant NIST Controls.
Prompt Cyber Incident Reporting
Customers using Unanet’s cloud offering will be notified of any unauthorized intrusion.
The requirements for data encryption are met through the following:
- Use of SSL
- Availability of the Unanet cloud platform in a FedRAMP Moderate environment that uses data encryption at rest. Contact your Customer Success Manager for more information.
U.S. Based Hosting
Unanet software is hosted in AWS US East-West, which has been granted a Joint Authorization Board Provisional Authority-To-Operate (JAB P-ATO) and multiple Agency Authorizations (A-ATO) for FedRAMP moderate impact level.
U.S. Based Development and Support
All Unanet software is developed and supported in the United States, and exclusively by U.S. Persons.
This is in contrast to other industry ERP software developed and supported in countries known to conduct state-sponsored hacking of US organizations.
More guidance on the NIST SP 800-171 requirements is available here, including NIST 800-171a on Assessing Security Requirements for Controlled Unclassified Information, and a CUI SSP Template: https://csrc.nist.gov/publications/detail/sp/800-171a/final