June 2018: Most Difficult Controls in NIST 800-171

Organizations often want to know how they compare to others with respect to compliance and security posture. At Exostar we have the scores of a number of suppliers who have completed the NIST 800-171 form, so this month we thought we would provide the top 10 most difficult controls in the NIST 800-171 control set. You may find it helpful to see how you address these top 10/11 controls.

The table below was created from an analysis of approximately 1000 randomly selected suppliers that have completed the Exostar NIST 800-171 form.

The score for each of the 110 controls is the number of suppliers who have asserted either that they have not implemented the control or that they will address it within a System Security Plan (SSP); in either case the control has not been implemented yet.

We then identified the controls with the largest scores and listed the 11 most difficult, because the 10th and 11th were very close together in scoring.

In the ranking below, number 1 is the most difficult of the 110 controls.

The topics with the highest number of controls are: audit (3), encryption (2) and multi-factor authentication (2).