NIST 800-171 Foundations Course

This On-line Self-study Course Provides Comprehensive Information About the Need To Protect Controlled Unclassified Information

Today, more than at any time in history, the federal government is relying on external service providers to help carry out a wide range of federal missions and business functions using state-of-the-practice information systems.

An information system is a discrete set of information resources organized expressly for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. Information systems also include specialized systems, for example, industrial/process control systems, cyber-physical systems, embedded systems, and devices. The term system is used to represent all types of computing platforms that can process, store, or transmit CUI.

The protection of sensitive federal information while residing in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully carry out its designated missions and business operations, including those missions and functions related to the critical infrastructure.

A federal information system is a system that is used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency. A system that does not meet such criteria is a nonfederal system.

The protection of unclassified federal information in nonfederal systems and organizations is dependent on the federal government providing a disciplined and structured process for identifying the different types of information that are routinely used by federal agencies.

  • On November 4, 2010, the President signed Executive Order 13556, Controlled Unclassified Information.

The Executive Order established a government-wide Controlled Unclassified Information (CUI) Program to standardize the way the executive branch handles unclassified information that requires protection and designated the National Archives and Records Administration (NARA) as the Executive Agent to implement that program.

  • NARA has delegated this authority to the Information Security Oversight Office, which is a component of NARA.
  • Controlled Unclassified Information is any information that law, regulation, or governmentwide policy requires to have safeguarding or disseminating controls, excluding information that is classified under Executive Order 13526, Classified National Security Information, December 29, 2009, or any predecessor or successor order, or the Atomic Energy Act of 1954, as amended.
  • Only information that requires safeguarding or dissemination controls pursuant to federal law, regulation, or governmentwide policy may be designated as CUI.


The CUI Program is designed to address several deficiencies in managing and protecting unclassified information, including inconsistent markings, inadequate safeguarding, and needless restrictions, both by standardizing procedures and by providing common definitions through a CUI Registry.

The CUI Registry is the online repository for information, guidance, policy, and requirements on handling CUI, including issuances by the CUI Executive Agent.

Among other information, the CUI Registry identifies approved CUI categories and subcategories, provides general descriptions for each, identifies the basis for controls, and sets out procedures for the use of CUI, including but not limited to marking, safeguarding, transporting, disseminating, reusing, and disposing of the information.

The federal CUI regulation, developed by the CUI Executive Agent, provides guidance to federal agencies on the designation, safeguarding, dissemination, marking, decontrolling, and disposition of CUI, establishes self-inspection and oversight requirements, and delineates other facets of the program.

For ease of use, the security requirements are organized into fourteen families. Each family contains the requirements related to the general security topic of the family. The families are closely aligned with the minimum security requirements for federal information and systems described in FIPS Publication 200.

The course provides details and an explanation of all the security families, which include 110 objectives and controls.

  1. Access Control
  2. Media Protection
  3. Awareness and Training
  4. Personnel Security
  5. Audit and Accountability
  6. Physical Protection
  7. Configuration Management
  8. Risk Assessment
  9. Identification and Authentication
  10. Security Assessment
  11. Incident Response
  12. System and Communications Protection
  13. Maintenance
  14. System and Information Integrity
