Arnerich Massena has recently been awarded an Attestation of Competency (certification) of NIST compliance, a status indicating that the firm meets the highest standards of data and technology security. The requirements for NIST certification are extremely stringent, and we are proud to be able to showcase the security work that our technology team has done.
David Vaughan, the firm’s director of technology, answers a few questions below about what NIST certification is and what it means for our clients.
What does NIST certification mean to Arnerich Massena clients?
Having NIST compliance should provide our clients with a strong sense of confidence that their data assets are in very good hands. We see this as a testimony that highlights our commitment to security compliance and another way we strive to provide a world-class client experience. Our goal is to become a leader in the finance industry with regard to adhering to and exceeding security standards. Cybersecurity can be considered a “moving target”: the key for us is to remain proactive and continually identify the best security tools, services, and policies to keep our program secure.
How did Arnerich Massena become NIST-certified?
Arnerich Massena takes very seriously the security of our clients’ data, and we have been working diligently over the years to establish a strong security infrastructure. We are extremely proud to have earned NIST compliance certification by successfully passing a highly demanding security assessment from US Protech, Inc., a leading security firm whose processes are validated by the U.S. Department of Commerce to exceed the High-Impact Baseline standards (under NIST 800-53). We have adopted several services and new capabilities, such as intrusion detection, encryption, and managed firewall, and implemented an array of firm-wide policies and procedures.
What’s next for Arnerich Massena’s security program?
The certificate we earned for being NIST-compliant is an enormous accolade and something we are delighted to share with our clients. Looking ahead, we will continue to track NIST recommendations, adopt new tools, re-evaluate existing ones, consider additional expert services, and continue to develop policies and procedures to ensure that we remain NIST-compliant this year and beyond.
What is NIST?
NIST is short for The National Institute of Standards & Technology. NIST was founded in 1901 and is part of the U.S. Department of Commerce, sometimes described as “the most important U.S. government agency you’ve never heard of.” They are tasked with creating the framework for how the government operates. One area in which they play a prominent role is cyber security: during his tenure, President Obama called upon NIST to “lead the development of a framework to reduce cyber risks to critical infrastructure.” NIST has since developed their cyber security framework, which defines what standards and guidelines are considered best practices with regard to security controls. These standards and guidelines (endorsed by the government) are then used to help federal agencies comply with the Federal Information Security Management Act (FISMA).
What advice would you give to other firms who are looking to button up their own security?
Find a good security partner who can help you establish a sensible roadmap to your goals. Be patient and make sure your entire team is on board. Be willing to invest the time and money required to start building your program. And remember that there is no “silver bullet” when it comes to security: it’s about focusing on the best tools and policies to meet your security needs.