Supporting NIST SP 800-171 & CUI Compliance

Boldon James Classifier, the market-leading data classification product, supports compliance with NIST regulations by:

Ensuring appropriate control of confidential or sensitive information

Classifying or labelling data with visual (and metadata) labels to highlight any special handling requirements

Alerting users when personal data is leaving the organisation to warn or prevent them from sending messages that contain sensitive information

Educating users about the sensitivity of data whilst ensuring adherence to corporate policy

Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012

For all contractors and subcontractors with the US Department of Defense, the DoD has published prescriptive steps to ensure compliance with the requirements for safeguarding Controlled Unclassified Information (CUI). Through the DoD Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, implementation of the controls identified in the National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171), “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”, must be in place as of December 31st, 2017.

The NIST publication references a registry of information categories and related subcategories maintained by the National Archives (NARA). The CUI initiative seeks the consistent application of safeguarding measures related to the dissemination of information while fostering the sharing of information and collaboration where appropriate.

The heart of the CUI program was expressed in Executive Order (EO) 13556, which called for “An open and uniform program to manage all unclassified information…”, with a key component being that all CUI be labelled with appropriate visual markings that indicate to downstream parties how the regulated data should be treated.

Organizations can position themselves for compliance by taking steps to master the principles of data classification and by implementing the processes, tools and training that will enable consistent and accurate labeling as defined in their data governance policy and required by NIST SP 800-171. Through this capability, organizations can readily demonstrate that they have the capacity in place to recognize and manage CUI with appropriate metadata and visual markings as defined in the NARA registry.

At this time, a certification process for CUI compliance does not exist, but given that the requirements are stipulated through DFARS 252.204-7012, one can reasonably expect a strict attestation scheme in the future. While compliance is on the ‘honor system’, there are risks to be considered for not adopting the safeguards, up to and including the loss of a contract or participation as a subcontractor.

By adopting the framework, organizations will not only demonstrate their ability to protect regulated data but will also enhance their ability to compete for new opportunities that store, process or transmit CUI.

Why choose Boldon James

With unrivalled customer service and best-of-breed data protection and governance solutions, we are helping many of the world’s most successful organisations take control of their business data. Every day, our customers enjoy more effective, secure and streamlined operations, protecting their business critical information and reducing risk.

We integrate with powerful data security and governance ecosystems.

We protect business critical data, improve data control and reduce risk.

We deliver improved and streamlined business performance.

We are a “safe pair of hands” that constantly deliver success.