The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. 商务部. NIST的使命是促进美国.S. innovation and industrial competitiveness by advancing measurement science, 标准, and technology in ways that enhance economic security and improve our quality of life. NIST promotes their mission by developing special publications that are devoted to specific information security topic. At Schneider Downs we have experience advising our clients using NIST guidance and frameworks such as:

NIST网络安全框架

Created through voluntary collaboration between industry and government, 框架由标准组成, 的指导方针, and practices to promote the protection of critical infrastructure. 的优先考虑, 灵活的, 可重复的, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.

NIST 800 - 53年

This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations..

NIST 800 - 61

This publication assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.

NIST 800 - 30

This document provides guidance for carrying out each of the three steps in the risk assessment process (i.e., 为评估做准备, 进行评估, and maintain the assessment) and how risk assessments and other organizational risk management processes complement and inform each other.

NIST 800 - 171

This publication provides federal agencies with recommended requirements for protecting the confidentiality of Controlled Unclassified Information (CUI): (i) when the CUI is resident in nonfederal information systems and organizations; (ii) when the information systems where the CUI resides are not used or operated by contractors of federal agencies or other organizations on behalf of those agencies; and (iii) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, 监管, or government wide policy for the CUI category or subcategory listed in the CUI Registry.

NIST 800 - 82

This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, 分布式控制系统(DCS), and other control system configurations such as Programmable Logic Controllers (PLC), 同时解决他们独特的表现, 可靠性, 以及安全要求.

施耐德·唐斯NIST评估方法

We begin our assessment by working closely with you to understand your business processes in order to understand the NIST special publication that best pertains to your organization . We will work with and interview key individuals within the business and information technology services responsible for compliance with the NIST special publication. We will evaluate your compliance with all control requirements through review of documentation supporting the operating effectiveness of controls. 当我们的评估完成后, we will provide your organization with a detailed compliance assessment report outlining corrective action plans with a detailed roadmap for achieving NIST compliance.