OREANDA-NEWS. Fujitsu Limited today announced the Japan launch of an assessment consulting service to help customers meet the requirements of NIST Special Publication 800-171, a publication from the National Institute of Standards and Technology (NIST) which sets out the US security standards for nonfederal information systems and organizations handling controlled unclassified information. This consulting service, available from today in Japan, will provide insight into the status of customer systems’ compliance with NIST SP800-171 security measures and will formulate policies needed to support the standard.

The assessment consulting service will provide customers with a low-cost, rapid assessment of the state of their compliance with NIST SP800-171 security measures. Moreover, based on the results of the assessment, it will also offer everything from system integration meeting the individualized requirements of each customer, to 24/7/365 monitoring and operations of customer systems through its Fujitsu Security Solution Global Managed Security Service and system recovery in the event of an incident. This represents total support for NIST SP800-171 security measures for customer systems.

Fujitsu will also bring its Fujitsu Cloud Service K5 into compliance with the security standards of the NIST SP800 series during fiscal 2018, offering highly secure and reliable cloud services.

Going forward, Fujitsu will accelerate support for a variety of international rules, and for Japan's supply chain as well, will implement security measures that offer safety and stability, thus contributing to the expansion of Japanese industry in international society.

Background

NIST SP800-171, published by NIST in June 2015, sets out the US requirements for security measures for Controlled Unclassified Information (CUI) being handled by Nonfederal Organizations. There are just over 100 requirements, including technical as well as non-technical requirements.

In recent years, there has been an accelerating movement in the US requiring NIST SP800-171 compliance, as seen, for example, when the US Department of Defense (DoD) published a notice about US defense equipment procurement requiring that all Nonfederal Organizations around the world supplying defense and other equipment to the DoD support the security measure standards set out in NIST SP800-171 by December 31, 2017. Going forward, it is expected that security measures complying with NIST SP800-171 will be required not just for defense-related industries, but for other industries as well. In the same way, a movement is also expected in Japan to set up CUI protection technologies similar to those required in NIST SP800-171 in private companies, not just for companies that are in US supply chains.

In order to comply with NIST SP800-171, however, companies may have to shoulder a significant cost and operations burden in order to set up security measures that meet the standards.

For this reason, together with Fujitsu Research Institute and Deloitte Tohmatsu Consulting LLC, on October 19 Fujitsu launched the assessment consulting service in Japan to provide insight into the status of customer systems’ security measures with regard to NIST SP800-171, and to formulate measures to improve them. In addition, Fujitsu will offer total support for NIST SP800-171-compliant security measures for customer systems through its system integration handling development and its Global Managed Security Service providing operations and monitoring services, according to the needs of each individual customer.

Features of the Assessment Consulting Service

This service provides everything from insight into customer system's compliance with NIST SP800-171 to the formulation of policies to achieve compliance, through cooperation between Fujitsu Research Institute, which has abundant knowledge and experience from consulting on topics such as formulating business continuity plans, and Deloitte Tohmatsu Consulting, which has experience with cutting-edge cybersecurity and can collect information on the latest developments at NIST as soon as it is available. With this service, it is now possible for customers to quickly and optimally handle such tasks as the formulation of strategy for managing resources and risks when supporting NIST SP800-171, which is difficult to handle on their own. Thereafter, Fujitsu will provide total support suited to the customer's needs, including system building, operations, and recovery support.

Figure: Overview of solutions for NIST SP800-171 supportFigure: Overview of solutions for NIST SP800-171 support

Future Plans

The launch of this solution for supporting NIST SP800-171 is the first in a series of services that Fujitsu will offer going forward, meeting the requirements set out in FedRAMP, a set of cloud procurement standards for the Japanese government currently under discussion, and supporting customers by helping Japanese businesses expand globally and ensuring safe and stable security measures in the Japanese supply chain.