Symantec Contributes to NIST 800-171 Compliance

Understanding NIST SP 800171

Symantec Contributes to NIST 800-171 Compliance


Apr. 9th, 2019

Much of the United States’ response to the cybersecurity threats facing the nation is a result of coordination between companies and other entities. The underlying assumption is that when information is shared, there is a more effective response to the threats. With that in mind, the Department of Defense initiated the Defense Industrial Base Cybersecurity Program. Recently, Symantec, an industry leader in cybersecurity, announced its plans to join the program.

The DIB Cybersecurity Program is a public-private partnership that provides participants in the program with classified and unclassified information regarding potential threats. In addition, participants also receive best practices regarding information assurance to assist them in their own cybersecurity efforts. By participating in this program, contractors can receive the information necessary to help them exercise better situational awareness with regard to any threats that could potentially compromise the information that is on their systems. At the same time, the participants in the program can share information that they have learned through their own cybersecurity efforts. While companies have their own proprietary processes, the information that they feed into the program can help improve the overall national cybersecurity defense effort.

The DIB Cybersecurity Program is not open to every contractor. In order to join, a contractor will need to have security clearance, the permission to view classified information, and the clearance level to view the particular type of information that they are seeing. While compliance with cybersecurity standards is mandatory, participation in the information-sharing program is voluntary. For this particular program, contractors put their profit motives aside in order to cooperate for the greater good. The program operates under the theory that cooperation works best to protect vulnerable information systems.

Symantec is one of the larger information security companies in the United States. The company has 123 million attack sensors and 175 million protected endpoints at its disposal. Its participation in the program is seen as bolstering cybersecurity defense since there is a national interest in strengthening a large cybersecurity contractor. At the same time, the information that Symantec can share will aid national security since it is one of the companies that is best positioned to learn of new cybersecurity threats as they emerge.

Symantec has been active in providing solutions that assist with NIST 800-171 compliance, which are cybersecurity standards with which companies must certify their compliance in order to do business with the federal government. They are aimed at protecting sensitive information that is housed on contractors’ business systems. Compliance companies such as ComplyUp have been helping government contractors implement the requirements of these standards and can help these contractors stay on top of necessary developments.

The NIST standards have been one of the latest moves in a growing federal government effort to combat the myriad of cybersecurity threats facing the country. Recent examples of hacks have exposed the vulnerability of many information security systems. As a result, cybersecurity defense has been a major priority of the Trump Administration.