Complying with Legislation

Protecting CUI – NIST SP 800-171 & DFAR contract requirements

Comply with NIST – protect Controlled Unclassified Information

Locklizard document security enables you to easily comply with NIST and DFAR contract requirements for protection of CUI (Controlled Unclassified Information).

Control document access, ensure information becomes inaccessible both automatically and on demand, control document use (e.g. stop printing or lock use to specific locations), log document use and enforce information security controls regardless of where documents reside.

Free 15 Day Trial

Protect PDFs: stop sharing & misuse

Stop unauthorized access and sharing
Control use – stop printing, copying, editing, etc.
Lock PDFs to devices, countries, locations
User and PDF expiry, revoke files at any time

Understanding NIST SP 800-171, DFAR contract requirements & Protection of CUI

DOCUMENT SECURITY

	Regulatory Compliance
	Secure Document Sharing
	Document Leakage
	Internal Document Control
	Document Retention
	DRM Business Benefits

Back in June 2015 the National Institute of Standards and Technology (NIST) published SP 800-171, for Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The catchy acronym CUI is used to describe the information.

The intent of the standard is to ensure that:

Statutory and regulatory requirements for the protection of CUI are consistent wherever CUI exists
Safeguards are consistent in both federal and non-federal information systems and organizations
The confidentiality impact value for CUI is no lower than moderate

They define fourteen ‘families’ of security requirements for protecting CUI in nonfederal information systems and organizations. Non-federal organizations can implement a variety of potential security solutions either directly or through the use of managed services.

This standard became mandatory as of 31 December 2017 for all defense suppliers that receive a contract or subcontract subject to the new requirements. What this means is that it becomes a part of the DFAR contract requirement that suppliers will have to meet.

There are provisions that allow organizations to self-certify compliance rather than introducing a formal certification regime. But there is a sting in the tail that in the event of non-compliance being discovered, apart from contract termination there may be actions for criminal fraud and breach of contract.

Distributing documents securely: protecting controlled unclassified information

If you distribute CUI information using PDF documents then you are within the scope of NIST 800-171 compliance and you should consider if you need to:

Control Access

Actively protect the CUI information distributed as PDF documents to sub-contractors and/or authorized third parties
Limit access to only authorized users thereby controlling information posted or processed on publicly accessible information systems
Limit the location(s) from which documents are viewed – i.e. a specific country or location within a country (i.e. lock documents to an organization’s office location)

Ensure information becomes inaccessible

Switch off authorized access in real-time by revoking user access on-the-fly
Revoke documents after they have been distributed
Ensure information expires automatically when it no longer should be viewed – either at a fixed date, after a number of days from first use, or a number of uses (views and / or prints)

Control the availability of documents

Stop use on specific types of device (e.g. mobile devices that can be easily shared)
Prevent printing or limit the number of prints
Stop users taking screen shots by preventing use of screen grabbers
Stop users from distributing uncontrolled copies

Log document use

Audit document use so you can see when your documents have been viewed and printed
See when documents were made available and for what time period
See what location documents were accessed from

Enforce information security

Encrypt documents in transit and at rest
Protect documents on your local computer – unprotected files are always under your control
Ensure that authorized users cannot edit/modify content or save it in an unprotected format
Include dynamic watermarking to identify the authorized recipient
No insecure plug-ins, flash, or passwords to compromise security

Locklizard document security, NIST SP 800-171 & DFAR contract requirements

Locklizard document security can help you comply with NIST SP 800-171 & DFAR contract requirements as well as showing relevant privacy and security notices consistent with relevant CUI rules.

Our document DRM solutions enable you to control access and enforce use of your documents regardless of where they reside. Securely share documents with third parties and control internal access and use.

Our document security products may be hosted on premise so that you have full control over incident response, maintenance, media protection, personnel, physical protection, system and communications protection and integrity.

Locklizard protected documents, being encrypted, check their own integrity at the point of decryption and therefore provide constant integrity checking before use. They can be securely viewed by users using an installed Viewer or via a browser.

Customer Testimonials

We needed to deliver e-book versions of our handbooks while not compromising on security and digital rights. Safeguard PDF security is easy to use and intuitive.

The implementation was painless and we now have a greener, more secure way of distributing training manuals.
Locklizard’s PDF protection is exactly as described – the features are highly effective and I would give it 5 stars.

I would recommend Locklizard to others - their security is simple to use and fit for purpose. It meets common needs of businesses who have information they want to protect.
We would be happy to recommend Locklizard to any company needing a flexible way to secure PDF files.

Safeguard PDF Security has provided us with a very workable solution for sharing of information in a secure fashion. The support has been excellent and very accommodating.
We can cut accounts for a user five minutes before his class starts and he is ready to go. Happy smiling customer, while we still have security and personalized watermarking.

I have immense respect for the product and Locklizard provide great customer satisfaction and service.
We would recommend Safeguard to other companies for its security, cost and ease of use. It does what we expected it to do and more.

Ease of use is a bonus and the implementation was very easy. The product manual is excellent and Locklizard staff are very accommodating.
We sell a highly valued educational product in an open and competitive market so it was important to ensure we had effective security to protect our digital rights.

We highly recommend Locklizard - a professional company with a competitive and professional PDF Security product.
We would absolutely recommend both Locklizard as a company, and Safeguard PDF Security. It has transformed our study materials to the next level.

Not only did this increase sales, but we also believe that it has increased our customers’ ability to learn, which is even more important!
We would recommend Locklizard Safeguard to other companies that need to protect PDF reports. Customers have found the process of accessing the protected documents to be seamless.

Implementation was easy and technical support has been very responsive to requests for help.
Our company would without reservation recommend Locklizard. Their document DRM software opens up delivery of our new products in a timely fashion while knowing that the content will remain secure.

The return on investment to our company has been immediately evident.
We use Safeguard to make sure that documents cannot be opened outside our local network or from a unauthorized computer in order to copy or print the documents.

It is the most feature rich, affordable, & simple to use PDF security product on the market.
Safeguard PDF Security is simple to administer and meets our needs, consistently delivering secured manuals to our customers with ease.

Return on investment has been elimination of many man hours, printing resources and postage – it is estimated that costs decreased by 50% or more.
We would really recommend Safeguard PDF Security to every publishing company for managing ePubs or e-books securely. It is easy to secure PDF files and simple to distribute them to our authorized customers only.

Locklizard also provides a good customer support experience.
The ROI for us is incalculable. We have the security of knowing that our proprietary documents are secure. This is the entire value of our company.

I would most certainly recommend your PDF security product and already have. The ease of implementation was surprising.
We can now sell our manuals without the need to print them first, saving time, money and helping safeguard the environment.

We would recommend Safeguard PDF DRM – it is the perfect solution to sell and send e-documents securely whilst making sure someone cannot copy them.
We would recommend Locklizard to other companies without hesitation.

Their PDF DRM products provide a manageable, cost effective way to protect intellectual investment and they are always looking for ways to improve them. Moreover, their staff provide an excellent level of support.