NIST Readiness Project

Stanford University is initiating a project to achieve NIST 800-171 compliance for its key high-risk research computing systems (Nero, Carina, and SCG).

Compliance is increasingly crucial to maintaining research capabilities and securing funding streams. The project will implement necessary controls to achieve NIST 800-171 compliance and develop system security plans for Nero, Carina, and SCG.  This comprehensive approach leverages existing security standards and expert consultation to ensure Stanford meets compliance requirements while strengthening its overall cybersecurity posture.

This project will affect researchers, the Office of Research Administration (ORA), the Research Management Group (RMG), the Information Security Office (ISO), and Stanford Research Computing (SRC).
 

Stanford University is implementing a comprehensive NIST 800-171 compliance strategy, focusing on key research computing systems (Nero, Carina, and SCG). The project will leverage existing security standards, engage expert consultants, and develop essential documentation to meet NIST 800-171 controls. This initiative will significantly benefit the Stanford research community by:

1. Ensuring adherence to NIH compliance standards and regulations
2. Enhancing data security protocols against potential threats and breaches
3. Facilitating eligibility for federal grants and funding opportunities
4. Building organizational credibility and trust with stakeholders and partners
5. Identifying and mitigating risks associated with information handling
6. Reducing friction points for researchers, ORA, RMG, ISO, and SRC while navigating the new requirements and identifying compliant environments
7. Fostering a culture of persistent evaluation and enhancement of practices

By achieving NIST 800-171 compliance, Stanford will further safeguard its research capabilities, protect its funding streams, and maintain its position as a leading academic and research institution, benefiting faculty, students, and the broader scientific community.
 

• Assess current IT infrastructure for gaps in NIST 800-171 compliance.
• Implement IT systems, documentation and process changes to meet NIST 800-171 compliance requirements.
• Ensure Stanford's eligibility for federal and state-funded research projects and partnerships by demonstrating compliance.
• Strengthen overall IT security posture, including adherence to Stanford Minimum Security and Privacy Standards (MinSec and MinPriv) and the data classification policy.
• Educate researchers about updated compliance requirements and policies.

• January 2026
   
  • Implement NIST 800-171 controls for Carina, Nero, and SCG
  • Establish ongoing monitoring and maintenance procedures
• May 2026
   
  • Develop NIST 800-171 compliant laptop image
• September 2026
   
  • Draft System Security Plans
  • Update and roll out Security Awareness Training