Known more commonly as NIST, the National Institute of Standards and Technology provides cybersecurity frameworks that not only are integral for many government and Department of Defense contracts but are also widely accepted as a solid launch point for most organizations’ cybersecurity efforts. Schellman has been operating in the federal compliance space for years as an accredited FedRAMP 3PAO, and now as a CMMC C3PAO. Over that time, we’ve helped many of our clients decipher the many NIST frameworks as they determined the right direction for them and their environment.

If you’ve ever signed up for a race, you may have had a few options to choose from. Sometimes, there’s a 15k, a 10k, an 8k, and, of course, a 5k, which is generally the starting standard for amateur runners and/or walkers. Each option has a certain degree of difficulty, and all of them require intentional steps for completing the race successfully.

Ever watched Jeopardy? Even if you haven’t, you’re likely familiar with the iconic theme music that plays every time contestants deliberate over their answers—it’s such an iconic tune that it’s become synonymous with waiting for a conclusion that takes quite a while.

When you compare the two tallest mountains in the world—K2 and Everest—some of the facts might surprise you. For instance, did you know that K2’s climbing route is more technical than that of the tallest mountain in the world?

You’ve heard of the Bermuda Triangle, right? It’s that mysterious region in North Atlantic Ocean where it’s said that more than 50 ships and 20 airplanes have disappeared without a trace. Fascinating and discomforting as that may be, the real trouble with the Triangle is that its boundaries are only loosely defined, which no doubt leads to uncertain pilots steering into a bad situation.

Ever watched a personal trainer conduct a workout on social media? Throwing up weights like they’re nothing or repping for what seems like hours before a water break—they make it look so easy. So much so that many people watching leap up to join them, only to realize that, no it’s not that easy, and these trainers operate at the level they do thanks to their dedication and massive, invested effort.

Ever seen those jugglers that manage to balance multiple spinning plates at the same time? As impressive as it is, you figure you’d be happy to spin just the one plate successfully. For cloud service providers (CSPs), you have lots of different proverbial compliance “plates” to choose to channel your effort into—the trick is knowing the differences and which is best for you.

Published by the National Institute of Standards and Technology (NIST), NIST SP 800-171 is a standard created to help organizations protect Controlled Unclassified Information (CUI) from unauthorized access or disclosure.