NIST 800-171 guidelines were developed by the National Institute of Standards of Technology, a non-regulatory agency of the United States Department of Commerce.
Their purpose is to provide recommendations on security controls for information systems at companies dealing with federal agencies, thus helping them ensure compliance with HIPAA, SOX, and other related US regulations. While not an international standard, this set of recommendations is, in fact, a US equivalent to ISO 27001.
Similarities Between NIST 800-171 and ISO 27001
Even though NIST 800-171 and ISO 27001 have some differences, there are lots of similarities between the two. While NIST 800-171 is designed specifically for non-Federal (commercial) enterprises, with a separate set of guidelines – NIST 800-57 – developed to cover Federal systems and organisations, ISO 27001 is a more general standard and can be applicable to organisations of all types.
Both NIST 800-171 and NIST 800-57 can be mapped to each other, as well as the international ISO 27001 standard in the key control areas, including:
- Authorise Access to Security Functions
- Non-Privileged Access for Non-security Functions
- Auditing Use of Privileged Functions
- Automated Monitoring / Control
- Protection of Confidentiality / Integrity Using Encryption
- Managed Access Control Points
- Authentication and Encryption
- Full Device / Container-Based Encryption
- Portable Storage Devices
- Publicly Accessible Content
- Role-Based Security
- Processing Failures
- Configuration Settings
- Device Identification and Authentication
- Password-Based Authentication
- Incident Monitoring
- Cryptographic Protection
- Risk Assessment
- Vulnerability Scanning
- Voice over Internet Protocol
- Protection of Information at Rest
- Security Alerts, Advisories, and Directives
- Inbound and Outbound Communications Traffic
Maytech File Sharing Certifications and Compliances
At Maytech, we are ISO 27001 certified and this covers the majority of NIST 800-171 requirements. For the full list of all areas and the details of the specific similarities and differences, please download our PDF with mappings based on Appendix D of NIST 800-171.
If you need more information, visit our website for the complete list of all security features and compliances.