How to comply with the NIST Cybersecurity Framework

Improve cybersecurity for critical infrastructure

What is the DFARS/NIST Program?

The National Institute of Standards and Technology (NIST) is part of the U.S. Department of Commerce. As one of the nation's oldest physical science laboratories, NIST provides technology, measurement, and standards to the U.S. government and its agencies.

The NIST Cybersecurity Framework provides a voluntary set of guidelines for managing and reducing cybersecurity risk. Organizations across many industries and countries are now using the Framework as a basis for risk management discussions and decision-making.

The challenge

The NIST Cybersecurity Framework provides a set of guidelines for managing and reducing cybersecurity risk. Organizations across many industries and countries are using the Framework as a basis for risk management discussions and decision-making – in particular the contractors and subcontractors who have to comply with the program in order to be eligible to do business with U.S. governmental agencies.

The solution

Titus solutions help organizations align with the Identify, Detect, and Respond functions of the Framework, as described below.

How does it work?

Identify: Asset management

Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.

ID.AM-3: Organizational communication and data flows are mapped.

Titus solutions monitor user handling of email and documents, producing log files that can be used to track data flows and communication. Titus solutions can also provide a data inventory of files stored on-premises and in the cloud.

ID.AM-5: Resources are prioritized based on their classification, criticality, and business value.

With support for automated, system-suggested, and user-driven classification, Titus solutions enable organizations to identify the sensitivity and business value of unstructured data.

Protect: Data security

Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

PR.DS-1: Data-at-rest is protected.

Titus solutions identify the sensitivity and value of unstructured data-at-rest and apply information protection policies to that data, such as encryption.

PR.DS-2: Data-in-transit is protected.

Titus solutions for Outlook and mobile devices provide protection for email data-in-transit. Titus also has various solutions to protect files and documents as they are moved to new locations, including the cloud.

PR.DS-5: Protections against data leaks are implemented.

Titus provides multiple levels of protection, from interactive policy warnings and security education to encryption and policy enforcement.

Detect: Anomalies and events

Anomalies and Events (DE.AE): Anomalous activity is detected in a timely manner and the potential impact of events is understood.

DE.AE-3: Event data are aggregated and correlated from multiple sources and sensors.

As users work with email, documents, and files, Titus logs user activity and sends the information to a central server, such as a syslog server, McAfee ePO, or a Titus-defined reporting database.

DE.AE-5: Incident alert thresholds are established.

Titus log events are categorized at different severity levels. In addition, each event has a unique ID that can be leveraged for more fine-grained alert threshold management.

Respond: Analysis

Analysis (RS.AN): Analysis is conducted to ensure adequate response and support recovery activities.

RS.AN-3: Forensics are performed.

As users work with email, documents, and files, Titus logs meaningful activities for detailed reporting, analytics, and threat detection.

RS.AN-4: Incidents are categorized consistent with response plans.

Titus events are categorized at different severity levels, and events can be correlated to specific response plans through reporting and analytics.

Take the CUI compliance requirements seriously

Non-compliance with CUI can have serious consequences, including lost business and . As your trusted advisor, Titus can provide you with assistance to interpret the CUI requirements and ensure that you are implementing data protection policies accordingly to maintain compliance.

Solution brief: NIST SP 800-171 and CUI Compliance

Learn how to meet NIST SP 800-171 and CUI compliance requirements to protect Controlled Unclassified Information.

Get the data protection you need today

Let's meet with you to assess and tailor your needs for what's best for you and your users.
