NIST 800-171 compliance in Mac-based offices

If you’re a Department of Defense contractor in New York City, MacMaven Consulting can help your company attain CMMC certification. For those companies using Macs and still searching for security expertise, here is some advice from the trenches:

  • Hire a consultancy with extensive information security experience, ideally gained at large businesses. A firm whose experience is limited to firewall and anti-virus installation is not nearly sufficient; that work is a drop in the bucket. Remember, 800-171 contains 110 security requirements, and many of them are routine in Fortune 500 companies but rare in the smaller businesses that Mac support companies typically serve.
  • Investigate FedRAMP status before adopting a cloud service. While the rest of the world relishes simple, subscription-based cloud services, DoD contractors are far more limited: the DFARS 252.204-7012 clause requires cloud services that handle covered defense information to meet the FedRAMP Moderate baseline or equivalent. Relatively few popular SaaS services hold a FedRAMP authorization or offer FedRAMP-equivalent security, so be prepared to deploy and maintain on-premises solutions.
  • Don’t be shy about using other operating systems. Macs can be locked down to meet 800-171 requirements, but you’ll almost certainly need another operating system, usually Linux or Windows, to host enterprise security infrastructure such as your SIEM.
  • Get 100% buy-in from your company’s management. They need to understand that security takes time and will be a significant expense, and that the business will be affected to some degree while 800-171 is implemented. Good project management can minimize that impact.
