CASE STUDY:
Transitioning Cybersecurity governance model from NIST SP 800-53 to NIST SP 800-171

BRIEF:

A large research university needed to align an ongoing development project with the University-standard governance model, which used NIST SP 800-171. Conforming to this standard ensured the University's compliance with GLBA and the project's compliance with contractual commitments.

ROLE OF MAX²:

Max² conducted a full review of cybersecurity policy and procedure, then updated documented policy to ensure compliance with the NIST SP 800-171 standard while minimizing procedural change and operational impact. The updated policies were then published and implemented, and Max² facilitated tabletop exercises for specific new procedures covering Risk Assessments and Incident Response Planning. Throughout this process, Max² evaluated the ongoing development of the project to advise whether development activities affected compliance with the relevant standards.

WHAT WAS DELIVERED?

A full suite of cybersecurity policy documentation establishing practices and procedures that conform to the NIST SP 800-171 standard. Facilitation of Risk Assessment and Incident Response exercises. Ongoing evaluation of operational changes during project development for their effect on compliance with the standard.

OUTCOME:

Ongoing, pending 3rd-party assessment of NIST SP 800-171 compliance
