Notification

Icon
Error

NIST 800-171 Compliance - Manufacturing IT implementing NIST Compliance

Posted: Thursday, October 26, 2017 8:07:59 PM(UTC)
MikeRigsby

MikeRigsby

Member Original PosterPosts: 17
0
Like
Anyone out there in IT within the Manufacturing industry and working on implementing the government compliance NIST 800-171 by Dec. 31st?

I'm curious if anyone in this situation who also uses LANSweeper has any scans, reports, added fields, etc. that they are using, or creating, for implementing some of the NIST requirements since it has a lot of requirements for change management, network inventory management, etc.
Renroth
#1Renroth Member Posts: 1  
posted: 4/17/2019 11:58:57 PM(UTC)
Originally Posted by: MikeRigsby Go to Quoted Post
Anyone out there in IT within the Manufacturing industry and working on implementing the government compliance NIST 800-171 by Dec. 31st?

I'm curious if anyone in this situation who also uses LANSweeper has any scans, reports, added fields, etc. that they are using, or creating, for implementing some of the NIST requirements since it has a lot of requirements for change management, network inventory management, etc.


Yep,
However - Dec 31st of what year ?
You were talking about 2017 as the requirement was originally set.
I don't know of any single IT admin org who could possibly comply in true faith.
You need an IT fleet to set up the framework, documentation, scans and you'd be doing nothing else.
For a year.

~Rich
rader
#2rader Member Posts: 52  
posted: 7/20/2021 10:13:17 PM(UTC)
While this thread is old, we're in manufacturing and I've started the process recently towards CMMC Level 1 for starters, and hope to be compliant by the end of the year.

I can build on that to get to NIST 800-171 eventually.
Joeatheist
#3Joeatheist Member Posts: 2  
posted: 11/16/2021 7:46:24 PM(UTC)
Originally Posted by: MikeRigsby Go to Quoted Post
Anyone out there in IT within the Manufacturing industry and working on implementing the government compliance NIST 800-171 by Dec. 31st?

I'm curious if anyone in this situation who also uses LANSweeper has any scans, reports, added fields, etc. that they are using, or creating, for implementing some of the NIST requirements since it has a lot of requirements for change management, network inventory management, etc.



I'm hoping to reinvigorate this conversation. Has anyone created any custom reports for either NIST 800-171, DFARS, or CMMC compliance? Would love to see what is out there. I am certain that Lansweeper can be a powerful tool to use in our compliance efforts.

Thanks in advance for your time and information!

Kind regards,

Joe Schwartz
IT / Cybersecurity Manager
Ciao Wireless, Inc.
MikeRigsby
#4MikeRigsby Member Original PosterPosts: 17  
posted: 11/16/2021 8:41:01 PM(UTC)
It might also help for those of us having to deal with NIST 800-171, DFARS, and CMMC to figure out exactly what type of data from LANSweeper would be beneficial.
Joeatheist
#5Joeatheist Member Posts: 2  
posted: 11/17/2021 8:53:06 PM(UTC)
Originally Posted by: MikeRigsby Go to Quoted Post
It might also help for those of us having to deal with NIST 800-171, DFARS, and CMMC to figure out exactly what type of data from LANSweeper would be beneficial.


Agreed. It would also be nice if the CMMC accreditation board would make up their minds as to what will actually be required of us. From what I have read there are expected changes to CMMC ver 2.0 already. Not to mention that genuine CUI does not yet exist. If you remember we were told that older contracts will not be modified and therefore we will not be required to meet the compliance standards "Retro-actively", and that any CUI we receive in the future will be clearly labeled as such. To this day our company has yet to receive anything, that according to the DoD, is "labeled at both the top and bottom of the document", with the markings that would identify it as Controlled Unclassified Information.

Kind regards,

Joe Schwartz
IT / Cybersecurity Manager
Ciao Wireless, Inc.
MikeRigsby
#6MikeRigsby Member Original PosterPosts: 17  
posted: 11/17/2021 9:19:49 PM(UTC)
It's especially fun when you work for a contract manufacturer, like the company I work for, where some of our customers are under the compliance requirements and some aren't.

CUI wise, there is a CUI Registry, https://www.archives.gov...led-technical-info.html, that gives at least some decent guidelines on what should and shouldn't be considered controlled unclassified information, but it's still supposed to be up to the prime to be clearly labeling their data accordingly. Half the time THEY don't even know what is and isn't CUI.

We were working on CMMC Level 3, but now with the most recent changes we're shifted down to Level 2. In theory it should be easier to implement now, but we'll see. At least we're now allowed to have a POAM under CMMC.

Originally Posted by: Joeatheist Go to Quoted Post
Originally Posted by: MikeRigsby Go to Quoted Post
It might also help for those of us having to deal with NIST 800-171, DFARS, and CMMC to figure out exactly what type of data from LANSweeper would be beneficial.


Agreed. It would also be nice if the CMMC accreditation board would make up their minds as to what will actually be required of us. From what I have read there are expected changes to CMMC ver 2.0 already. Not to mention that genuine CUI does not yet exist. If you remember we were told that older contracts will not be modified and therefore we will not be required to meet the compliance standards "Retro-actively", and that any CUI we receive in the future will be clearly labeled as such. To this day our company has yet to see anything, that according to the DoD, that has been labeled at both the top and bottom of the document with the markings that would identify it as Controlled Unclassified Information.

Kind regards,

Joe Schwartz
IT / Cybersecurity Manager
Ciao Wireless, Inc.


Active Discussions

Lansweeper Multiple Devices Owned by Users (asset relations)
by  Adrian Scott   Go to last post Go to first unread
Last post: 6/22/2022 5:34:51 PM(UTC)
Lansweeper SW installed for specific users account
by  SteveN63  
Go to last post Go to first unread
Last post: 6/22/2022 2:45:00 PM(UTC)
Lansweeper Chrome 103
by  Esben.D   Go to last post Go to first unread
Last post: 6/22/2022 1:19:39 PM(UTC)
Lansweeper Critical Splunk Enterprise Vulnerability Fixed
by  Esben.D  
Go to last post Go to first unread
Last post: 6/21/2022 1:12:19 PM(UTC)
Lansweeper Make a report display physical servers only
by  KevinA-REJIS   Go to last post Go to first unread
Last post: 6/20/2022 2:19:58 PM(UTC)
Lansweeper Parameterized reporting
by  RC62N  
Go to last post Go to first unread
Last post: 6/17/2022 2:46:23 PM(UTC)