NIST 800-171 3.1.3

3.1.3 Control the flow of CUI in accordance with approved authorizations

CUI is Controlled Unclassified Information. This is the data that needs to be protected, and you need to protect how it arrives, who has access to it, who might have access to where it is stored, how it is stored, etc. You need to protect this data on its way to your network and on to its ultimate destination. How CUI arrives and who has the authorization to access it is the basis of this control.

You should create a workflow diagram that describes how CUI is delivered, whether through encrypted email, a secure FTP site, an encrypted drive, or an upload feature in your SaaS-based product, and then describes who is authorized to access it. You also want to make sure that you are in control of this information at all times: non-authorized individuals should never be able to download, view, or look at this data. If you lack the expertise to implement this type of security policy, contact a Managed Security Service Provider.
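The workflow described above can also be written down as a default-deny allowlist and checked against transfer records. The following Python is an added example, not part of the original post; the channel identifiers, user names, destination names and event fields are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass

# Delivery paths named in the paragraph above; the identifiers are assumptions.
APPROVED_CHANNELS = {"encrypted_email", "sftp", "encrypted_drive", "saas_upload"}
# Hypothetical systems approved to hold CUI.
APPROVED_DESTINATIONS = {"cui-fileshare", "saas-prod"}
# Hypothetical authorization list: user -> actions permitted on CUI.
AUTHORIZED = {
    "alice": {"receive", "view", "download"},
    "bob": {"receive", "view"},
}

@dataclass(frozen=True)
class FlowEvent:
    user: str
    action: str       # receive, view or download
    channel: str      # how the CUI moved or was reached
    destination: str  # system where the CUI ended up

def check_flow(event):
    """Return the reasons an event breaks the approved flow (empty list = allowed)."""
    reasons = []
    if event.channel not in APPROVED_CHANNELS:
        reasons.append(f"channel {event.channel!r} is not an approved delivery path")
    if event.destination not in APPROVED_DESTINATIONS:
        reasons.append(f"destination {event.destination!r} is not approved for CUI")
    # Default deny: unknown users and unlisted actions are both rejected.
    if event.action not in AUTHORIZED.get(event.user, set()):
        reasons.append(f"user {event.user!r} is not authorized to {event.action} CUI")
    return reasons

def audit(events):
    """Return {event: reasons} for every event that violates the approved flow."""
    return {e: r for e in events if (r := check_flow(e))}

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    FlowEvent("alice", "receive", "sftp", "cui-fileshare"),
    FlowEvent("bob", "download", "saas_upload", "saas-prod"),
    FlowEvent("carol", "view", "encrypted_email", "cui-fileshare"),
    FlowEvent("alice", "download", "plain_email", "personal-laptop"),
]

if __name__ == "__main__":
    for event, reasons in audit(SAMPLE_EVENTS).items():
        print(f"{event.user} {event.action}: " + "; ".join(reasons))
```

Keeping the allowlist in version control next to the workflow diagram gives a reviewable record of each change to the approved authorizations.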

Single Point of Contact was founded in 1999 and is a Managed Security Service Provider in the San Francisco Bay Area. We tailor our IT security services to take into consideration the everyday challenges businesses face.

Cybersecurity issues often stem from within an organization, so we take proactive measures to ensure everyone from top to bottom understands the ramifications of a cyberattack. Don’t hesitate to contact us to see how we can help better protect your company.
