Case Study

NIST 800 -171 3.1.4

Separate the duties of individuals to reduce the risk of malevolent activity without collusion

Malevolent Activity is when someone is trying to inflict harm on an entity like a person, government or company. Organizations must separate CUI handling and processing based tasks that employees work on in order to minimize the chance that they could purposely perform Malevolent activities. This can be done by physically having job descriptions for your employees that go over what activities related to their jobs include handling of CUI. You should define who has access to CUI in a document and how it is processed, handled and worked on for every person in your organization that you are authorized to access it. You also want to bake in the ability to change, add or modify these responsibilities as the requirements for CUI handling changes. You want to leave the ability to change someones CUI handling responsibilities open-ended, but extremely well defined. When responsibilities are segregated there is less chance that someone can attack, retaliate or formulate malevolent activities. If you lack the expertise in-house, the majority of Managed Security Service Providers have the experience to implement this type of NISP policy.

Single Point of Contact was founded in 1999 and is a Managed Security Service Provider in the San Francisco Bay Area. We tailor our IT security services to take into consideration the every day challenges businesses face. Cybersecurity issues often stem from within an organization, so we take proactive measures to ensure everyone from top to bottom understands the ramifications of a cyberattack. Don’t hesitate to contact us to see how we can help better protect your company.

Subscribe to our Podcast