Status of compliance with NIST SP800-171 (including some ISO 27001 items)

We are committed to maintaining a secure work environment for our services.
In order to provide global consulting services, we will share the status of our efforts to comply with the global security standard “NIST SP800-171”.

What is NIST SP800-171?

NIST

The National Institute of Standards and Technology (NIST) is a government agency under the U.S. Department of Commerce that conducts research on measurement and standards in science and technology.
Inside NIST is the Information Technology Laboratory (ITL), which conducts research related to information technology.
The ITL conducts research in six areas of information technology: Security, Information Access, Mathematics and Computational Science, Software Testing, Networking Research, and Statistical Engineering. The CSD (Computer Security Division) conducts research on computer security and publishes various documents. FIPS and SP800 series documents are also published by CSD.

IPA Security Documents about NIST (in Japanese)

https://www.ipa.go.jp/security/reports/oversea/nist/about.html

Special Publications (SP800 Series)

The SP800 series is a series of computer security-related reports published by CSD. The reports are intended for use by U.S. government agencies in implementing security measures. They cover a wide range of security issues, including security management, risk management, security technology, metrics for evaluating security measures, security education, and incident response, making the series a useful reference for security professionals in both government agencies and private companies.

Click the link below for the original SP800 series document:

https://csrc.nist.gov/publications/sp

SP800-171

SP800-171 provides the security requirements recommended for federal agencies to protect the confidentiality of sensitive information when the sensitive information is in nonfederal information systems/organizations.
When sensitive information is processed, stored, or transmitted to nonfederal organizations that use nonfederal systems, the same level of protection is required as for federal agencies.

Excerpted from NIST SP800-171, partially edited by us

Status of Compliance

The numbers in the table correspond to each item in NIST SP800-171 rev2.

Compliance status is a self-assessment made by our personnel and has not been evaluated by a third-party organization.
