Dictionaries define compliance. Business define compliance. We have our personal interpretations of compliance. To me, it means:
Following what is recommended to achieve a similar result.
In life, there are always people willing to tell you what to do and how to do it. IT security is no different, so get over it. You may think you know everything, but for once, please be humble enough to just listen. In this topic, I will be writing about the Department of Commerce, the division known as NIST (National Institute of Standards and Technology) and why they are one of the most relevant organizations in our lives.
Step #1: Perform your own internet search on NIST and its history
Step #2: Be very glad that they exist.
OK, all kidding aside. NIST was created to maintain standards. How long is a foot, a mile? What does the official pound weigh? What is the correct Time? This stuff really matters as it is the cornerstone of all society.
In their computer division, they also created a series of security standards. But it’s not all about computers, security starts with people. In this series of articles I’m going to attempt to explain the computer security standards as laid out by NIST and the compliance models that are associated to them and why they are relevant.
So as Bette Davis said, “Fasten your seatbelts, it’s going to be a bumpy night.”
The IT Guy