San Francisco Circuits (SFC), a provider of PCB (printed circuit board) fabrication, assembly and test services for unmanned systems and robotic platforms, is now fully compliant with the National Institute of Standards and Technology (NIST) Special Publication 800-171. The publication defines a set of standards for companies to adhere to in order to protect potentially sensitive data and information pertaining to United States federal or state agencies.
Compliance with 800-171 is required for non-federal companies that need to protect Controlled Unclassified Information (CUI) – sensitive information that is not classified but is still relevant to the interests of the United States government. The standards define how to safeguard and distribute sensitive material, ensuring that unclassified information that is not part of federal information systems and organizations is properly protected and consistent. Under the federal regulations, companies that have NIST 800-171 compliance are required to assess and document handling of information in more than a dozen different areas.
Most projects pertaining to government contracts require NIST 800-171 certification according to federal law. The process to achieve certification is complex and involved, with a number of requirements to fulfill:
Limiting access to the system – processes must be in place to limit system access to authorized users only
CUI flow control – CUI can be transmitted to a number of different locations and users, and the transmission/flow must be controlled and monitored
Prevent non-privileged users from gaining access – there must be a clear separation of individuals’ responsibilities, to reduce the risk of fraud and improper transmission of sensitive information
Automatic session shutdown due to suspicious activity – login attempts much be limited, and warning banners and locking mechanisms that terminate sessions after a period of inactivity must be implemented
Encrypting remote access and sessions – strict protocols for remote access are required, to ensure that connections are properly encrypted to prevent information from being stolen or improperly accessed
By achieving this important certification, San Francisco Circuits has shown its commitment to following proper precautions for the protection of sensitive information, aligning itself with the requirements of the U.S. federal government.