Tenable Network Security announced Oct. 13 it would support the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171, a document enumerating guidelines to protect sensitive government information.
As of Oct. 20, 143 active requests for proposals (RFPs) referenced NIST’s document.
NIST’s framework offers Federal agencies steps to make sure their Controlled Unclassified Information (CUI) is safe in the hands of contractors and non-Federal entities. Darron Makrokanis, vice president of Federal for Tenable, said SP 800-171 is a morph between NIST’s Federal Information Processing Standards (FIPS) SP 200 and its SP 800-53, a document published in April 2013 that Makrokanis described as “the bible of all cybersecurity.” Makrokanis said that NIST’s most recent framework is already becoming widely disseminated, as more than 100 RFPs reference the importance of the document.
Tenable’s role is to offer a way for Federal contractors, subcontractors, universities, and non-Federal organizations to see how well they are adhering to NIST’s technical security controls. One tool Tenable provides is the SecurityCenter Continuous View, which automates the assessment of cybersecurity framework controls, granting IT security specialists continuous coverage of their systems and networks so that they can monitor their cyber posture in near real-time.
“We are a critical component,” Makrokanis said. “We don’t claim we can do this all in a vacuum.”
Tenable’s support of SP 800-171 is not the first time the company has worked with NIST. Makrokanis said that, in the past, Tenable has directly supported research and development efforts for NIST and created dashboards for prior SPs.
He stated that SP 800-171 will only grow in prevalence and that it marks an important step in shifting from a reactive security posture to a proactive one. Makrokanis said that the Internet of Things (IoT) leaves people open to an array of potential cyberattacks, and documents like SP 800-171 are the “future.”
“Who’d have ever thought we’d be unplugging our cigarettes to charge our books? If it throws out an IP address, it can be hacked,” Makrokanis said. “Historically, when the government sets out standards, it goes from tactical to practical.”