Certification Highlight – NIST 800-171 Guidelines

Saline Lectronics Blog

What does a NIST 800-171 certification mean to you? Better protection of your controlled unclassified information while doing business with an electronics contract manufacturer (CM). If a company meets the NIST 800-171 guidelines for Information Technology (IT) security, that CM is a provider you can trust with your sensitive data during printed circuit board assembly (PCBA) and other projects.

The National Institute of Standards and Technology (NIST) created this special publication to develop information security standards, guidelines, and minimum requirements for federal information systems. Saline Lectronics is proud to have a Certificate of Conformance proving our alignment with the NIST 800-171 guidelines. It’s just one more certification added to our list, proving our dedication to quality and setting us apart from our competitors.

What Is NIST 800-171?

The full title of the most recent, revised version of NIST Special Publication (SP) 800-171 is “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.” NIST 800-171 deals with the ability of the U.S. government to carry out missions and business operations without risking the security of Controlled Unclassified Information (CUI). Protecting the confidentiality of CUI takes special systems, requirements, and processes in PCBA and electronics manufacturing in general.

NIST 800-171 certification is proof that an establishment has the necessary processes, tools, and resources to properly protect CUI. NIST 800-171 requirements apply to all organizations that store, process, or transmit CUI, as well as all components of nonfederal IT systems and those that protect such components. Federal agencies under contract with nonfederal organizations can use CUI requirements to protect their information. If an electronics CM has NIST 800-171 certification, it is an appropriate choice for PCBA and other projects that involve sensitive information and data.

What Requirements Are Necessary for NIST 800-171 Certification?

Not all customers require their CMs to have NIST 800-171 certification, but under federal law some Department of Defense contracts must go to certified CMs. Even if it’s not a legal requirement, contracting with a CM that has 800-171 certification can help ensure the safety and protection of your information. To obtain the NIST 800-171 certification, a CM must fulfill the following basic requirements:

  • Limiting system access. The electronics CM must have processes in place that limit system access to authorized users only. Access control policies and enforcement mechanisms should exist at the application and service levels for proper information security. CMs may define access privileges by account, type, or both.
  • Controlling the flow of CUI. CMs must control where CUI can travel between systems within the establishment, without regard to who can access the information. Examples include blocking outside traffic, restricting internet requests, and controlling CUI transfers between organizations.
  • Preventing non-privileged users from executing the functions of privileged users. CMs must separate individuals’ duties according to authorized privileges to reduce the risk of fraud. Then, the CM must institute processes to prevent non-privileged team members from accessing information that only privileged workers should have access to.
  • Automatically shutting down sessions due to suspicious activity. There should be a limit on unsuccessful log-in attempts to help prevent the wrong people from accessing protected information. Posting warning banners when users log into organizational systems and locking or terminating sessions after periods of inactivity are examples of actions CMs could take to protect information.
  • Encrypting remote access sessions. CMs should have control over remote access, or access to organizational systems from external networks, at all times. This can include using cryptographic mechanisms to protect remote access confidentiality. Maintaining strict access control points can also enhance CUI security.

The list of requirements for the rigorous NIST 800-171 certification is long and detailed. The federal government takes the protection of CUI very seriously. If a CM has proof of compliance with NIST 800-171 requirements, it means it fulfills the numerous standards and expectations of the National Institute of Standards and Technology. This is an impressive certification that customers should not take lightly.

How Saline Lectronics Uses Its NIST 800-171 Certification

Saline Lectronics obtained the NIST 800-171 certification to show customers that we’re a trusted electronics contract manufacturer for projects involving controlled unclassified information. As a non-government entity, we had to fulfill pages of IT security requirements to receive this certification. It is proof that our manufacturing facility has the processes and security measures in place to ensure the protection of customers’ sensitive information and company data.

Contact us if you need to partner with an electronics CM you can trust with strong IT security. The NIST 800-171 certification we now proudly display proves our dedication to smart security systems and processes we’ve had in place for our customers’ benefit. We can accept your most security-sensitive projects.