As of December 31, 2017, all current Department of Defense contractors must be compliant with DFARS Part 252.204-7012. These security requirements are defined in NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.

TITUS solutions help organizations meet the requirements of NIST SP 800-171 in the Security Requirement Families of Access Control, Awareness and Training, Audit and Accountability, Media Protection, and System and Communications Protection, as described in the following tables.

3.1 Access Control

NIST SP 800-171 Requirement Support with TITUS
3.1.3 Control the flow of CUI in accordance with approved authorizations. TITUS can apply special handling rules and dissemination controls to CUI, including recipient clearance checking, redaction of sensitive information, and automated encryption.
3.1.9 Provide privacy and security notices consistent with applicable CUI rules. As users handle email and documents, TITUS provides privacy and security notices, helping to make users accountable for protecting CUI. These notices can be in the form of CUI banners and portion markings in email and documents, as well as policy alerts within Outlook and Office.

3.2 Awareness and Training

NIST SP 800-171 Requirement Support with TITUS
3.2.1 Ensure that managers, systems administrators, and users of organizational information systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of organizational information systems. TITUS provides targeted, real-time security education as users work with CUI in email, documents, and files. These alerts and messages increase awareness about the organization's policies, standards, and procedures for protecting CUI.
3.2.2 Ensure that organizational personnel are adequately trained to carry out their assigned information security-related duties and responsibilities. TITUS reinforces security training by providing real-time policy alerts and CUI handling instructions as users work with unstructured data in email, documents, and files.

3.3 Audit and Accountability

NIST SP 800-171 Requirement Support with TITUS
3.3.1 Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity. As users work with email, documents, and files, TITUS logs events for detailed reporting, analytics, and threat detection. This information can be used to monitor the effectiveness of security policies and analyze how users interact with CUI.
3.3.2 Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions. TITUS logs the actions of individual users as they handle CUI and other sensitive information in email, documents, and files. These logs can be used to create detailed reports on user activity, helping to hold users accountable for their actions.

3.8 Media Protection

NIST SP 800-171 Requirement Support with TITUS
3.8.4 Mark media with necessary CUI markings and distribution limitations. TITUS applies CUI-compliant markings and distribution limitations to email, documents, and files. With support for automated, system-suggested, and user-driven classification, organizations have the flexibility to choose the best marking methods for their environment.

3.13 System and Communications Protection

NIST SP 800-171 Requirement Support with TITUS
3.13.1 Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. TITUS applies metadata to unstructured data so that other security solutions can identify and protect CUI in email, documents, and files. This metadata can be used by existing technology investments, such as DLP, CASB, encryption, archiving, and guards and gateways.
3.13.4 Prevent unauthorized and unintended information transfer via shared system resources. TITUS prevents unauthorized and unintended information transfer by applying protection to files where they reside, quarantining files that are stored inappropriately, and flagging files for follow-up where risks are identified.
3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. TITUS can automatically apply encryption/ERM to email, documents, and files containing CUI. A variety of solutions are supported, including Ionic, Microsoft RMS, Symantec PGP, S/MIME, and others.
3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. TITUS integrates with a variety of encryption solutions that employ FIPS-validated cryptography, such as Ionic and Microsoft RMS.

TITUS CUI Whitepaper

Meeting Controlled Unclassified Information (CUI) Requirements

Start a free trial

Contact us for more information

As of December 31, 2017, all current Department of Defense contractors must be compliant with DFARS Part 252.204-7012. These security requirements are defined in NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.


TITUS solutions help organizations meet the requirements of NIST SP 800-171 in the Security Requirement Families of Access Control, Awareness and Training, Audit and Accountability, Media Protection, and System and Communications Protection, as described in the following tables.

3.1 Access Control

NIST SP 800-171 Requirement Support with TITUS
3.1.3 Control the flow of CUI in accordance with approved authorizations. TITUS can apply special handling rules and dissemination controls to CUI, including recipient clearance checking, redaction of sensitive information, and automated encryption.
3.1.9 Provide privacy and security notices consistent with applicable CUI rules. As users handle email and documents, TITUS provides privacy and security notices, helping to make users accountable for protecting CUI. These notices can be in the form of CUI banners and portion markings in email and documents, as well as policy alerts within Outlook and Office.

3.2 Awareness and Training

NIST SP 800-171 Requirement Support with TITUS
3.2.1 Ensure that managers, systems administrators, and users of organizational information systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of organizational information systems. TITUS provides targeted, real-time security education as users work with CUI in email, documents, and files. These alerts and messages increase awareness about the organization's policies, standards, and procedures for protecting CUI.
3.2.2 Ensure that organizational personnel are adequately trained to carry out their assigned information security-related duties and responsibilities. TITUS reinforces security training by providing real-time policy alerts and CUI handling instructions as users work with unstructured data in email, documents, and files.

3.3 Audit and Accountability

NIST SP 800-171 Requirement Support with TITUS
3.3.1 Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity. As users work with email, documents, and files, TITUS logs events for detailed reporting, analytics, and threat detection. This information can be used to monitor the effectiveness of security policies and analyze how users interact with CUI.
3.3.2 Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions. TITUS logs the actions of individual users as they handle CUI and other sensitive information in email, documents, and files. These logs can be used to create detailed reports on user activity, helping to hold users accountable for their actions.

3.8 Media Protection

NIST SP 800-171 Requirement Support with TITUS
3.8.4 Mark media with necessary CUI markings and distribution limitations. TITUS applies CUI-compliant markings and distribution limitations to email, documents, and files. With support for automated, system-suggested, and user-driven classification, organizations have the flexibility to choose the best marking methods for their environment.

3.13 System and Communications Protection

NIST SP 800-171 Requirement Support with TITUS
3.13.1 Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. TITUS applies metadata to unstructured data so that other security solutions can identify and protect CUI in email, documents, and files. This metadata can be used by existing technology investments, such as DLP, CASB, encryption, archiving, and guards and gateways.
3.13.4 Prevent unauthorized and unintended information transfer via shared system resources. TITUS prevents unauthorized and unintended information transfer by applying protection to files where they reside, quarantining files that are stored inappropriately, and flagging files for follow-up where risks are identified.
3.13.8 Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards. TITUS can automatically apply encryption/ERM to email, documents, and files containing CUI. A variety of solutions are supported, including Ionic, Microsoft RMS, Symantec PGP, S/MIME, and others.
3.13.11 Employ FIPS-validated cryptography when used to protect the confidentiality of CUI. TITUS integrates with a variety of encryption solutions that employ FIPS-validated cryptography, such as Ionic and Microsoft RMS.

TITUS Classification Datasheet

MENU

FOLLOW US

EMAIL

CALL US