The National Institute of Standards and Technology (NIST) has published a series of special publications on information security standards for Federal Government sectors.
The most commonly referenced publications are:
• NIST SP 800-53: Recommended Security Controls for Federal Information Systems
• NIST SP 800-171: Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations
NIST standards are developed for government organizations to secure their information systems. There is no certification scheme available based on the NIST standards. Contractors are now required to comply with NIST SP 800-171 within target deadlines. Very often the government also requires contractors to comply with NIST SP 800-53.
If an organization is not willing to pursue ISO 27001 registration, DQS can conduct an independent conformity assessment against the NIST standard. After a successful assessment, DQS will issue a “Letter of Conformance (LOC)” and a detailed assessment report as evidence of conformance to the applicable NIST standard. The assessment report and LOC will be valid for one year. Reassessment will be required for continuous evidence of conformance.