NIST 800-171 R1 Compliance Made Easy for Defense Contractors

The laws are on the books and the auditors are starting to enforce compliance, so how can defense contractors make an expensive and complicated compliance requirement much easier to meet?

First, let’s understand from the table below that NIST 800-171 R1 is a subset of controls from the FedRAMP Baseline, which is a subset of controls and control enhancements from the gigantic NIST 800-53 R4 document.

NIST 800-171 R1 is simply the minimum set of controls, as adopted by the U.S. Department of Defense, required to protect controlled unclassified information (CUI) outside of the government. FedRAMP is the Federal Risk and Authorization Management Program, which is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Another simple way to say that is, “FedRAMP is US government audited secure application and data hosting”.

Since NIST 800-171 R1 is just a 38% subset of the FedRAMP control baseline, and FedRAMP compliance is where the commercial hosting market is headed to satisfy the needs of hosting government data, the easiest and often least expensive way to ensure conformity with NIST 800-171 R1 is to host your company’s applications and data in a FedRAMP-Authorized Cloud.

Todd Bylsma is a founding partner of GlassFire, which partners with Lifeline Data Centers in Indianapolis.

Screening Data Center Providers: Discerning a Provider that Won’t Let You Down

For companies looking to quickly expand their data center capabilities without building out their own facilities, outsourcing is increasingly a favored, no-brainer option. While outsourcing options abound, pinpointing the one that best fulfills your company’s needs and long-term goals without wasting resources requires careful consideration of numerous factors.

Choosing a data center provider based purely on budget and short-term wins would be a costly mistake you’re guaranteed to regret when the apparent savings bite back in technology misfires, unreliable performance and extended downtime. Save yourself the headache and dollars by screening potential providers with the following criteria—key attributes of a data center that won’t let you down.

1. Certifications
Data centers are generally evaluated by the Uptime Institute and classified based on the performance of their infrastructure, uptime and other factors that determine reliability. With each Tier level, I through IV, the data center’s infrastructure costs and operational complexities increase, according to Uptime. Also, Tier IV centers are required to demonstrate a higher level of uptime. Uptime Institute recommends that companies analyze their business applications and needs when making a decision on data center providers.

2. Compliance
It’s critical that a data center provider keeps you in compliance with regulations specific to your industry. Many companies face audits, including SSAE 16, NFPA, TIA-942, HIPAA, FISMA, FDA, PCI/DSS and Sarbanes-Oxley. It is imperative that the data center provider you choose possesses expertise with regard to these audits.

3. Data Center Location
One of the most critical factors of a reliable data center provider is location. Assess it to determine the history of natural disasters in the area, including tornadoes, hurricanes, earthquakes and floods. Other factors that can influence the data center’s resilience and ability to bounce back from crisis scenarios include proximity to other businesses and first responders, like police officers and firefighters.

4. Facility
The data center building should feature state-of-the-art equipment, cooling and updated infrastructure, including structural reinforcements. It also should be well guarded by security officials.

5. Redundant Power/Cooling
A quality data center includes quality generators, uninterruptible power supplies, power delivery, utilities and cooling infrastructure systems. When screening providers, ask specific questions about Service Level Agreements (especially about uptime); electrical and cooling; redundancy power architecture; backup systems; monitoring; and transformers.

Since 2001, Lifeline Data Centers has earned a reputation as a leader in data center compliance, uptime, and innovation—including a notable recognition as one of the 20 most promising data center providers in 2016 by CIOReview, citing Lifeline’s 99.999% uptime, multi-layered security systems, highly compliant processes, and “superior and compliant” workspace. The company is also currently undergoing the arduous task of becoming FedRAMP-authorized—the highest level of clearance to house government and military data.

Find out if Lifeline is the provider you’ve been searching for. Visit lifelinedatacenters.com. Also read the Chamber’s recent BizVoice magazine feature on the company.

Want to learn why EMP shielding, FedRAMP certification, and Rated-4 data centers matter to your business? Download Lifeline’s infographic series on EMP, FedRAMP, and Rated-4!