
Do it yourself NIST 800-171 Compliance Assessment Course (W/O Bundle)

CyberDefenses Academy

January 9 - 10

Round Rock, Texas Training Facility

Certification of Completion

Laptop required

Course Details

Program Introduction

Controlled Unclassified Information (CUI) is at risk, and the US Government is getting serious about protecting it. All contractors and subcontractors in the business of providing goods and services to the government need to get serious too. Starting with Executive Order 13556 in 2010, and emphasized with the 2014 Federal Information Security Modernization Act (FISMA Reform), the government recognized problems in the supply chain that place CUI at risk.

NIST Special Publication 800-171 r1 (December 2016) addresses these risks with 14 information security families and 110 information security controls that draw heavily from NIST 800-53. The Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS) now embed mandatory information security requirements directly into contracts, with critical compliance dates as early as December 2017.

Join CyberDefenses to review these new federal requirements, discuss approaches to completing the initial assessment, address the requirements and achieve compliance. The course includes hands-on exercises on how to perform the assessment and provides students with the templates needed for the required Plan of Actions & Milestones (POA&M) and the Self Attestation documents.

Purchased alone, this course does not provide the full Policy Bundle that is necessary to begin implementation after you take this class. Click here to include the Written Information Security Program Policy Bundle in your purchase.

Course Objectives

In this course, you will learn about the high-level requirements outlined in NIST Special Publication 800-171. This course will prepare you to perform an assessment to determine whether your organization is compliant, and it provides you with the templates and tools required to complete that assessment.

Target Student

This course is intended for IT practitioners, business owners and/or project managers with basic IT knowledge who are charged with understanding the impact of NIST 800-171 on their business.

Instructors

Dave Gray

Dave Gray is a CISSP, CAP and PMP certified CyberSecurity Leader skilled in securing information systems to achieve information Confidentiality, Integrity and Availability. Dave’s focus is Governance, Risk Management and Compliance (GRC) using information security frameworks established by the National Institute of Standards and Technology (NIST) and the Center for Information Security 20 Critical Security Controls. Dave’s focus area is NIST 800-171, NIST 800-53 and CIS CSC 20 implementation.

Brian Engle

Brian’s information security career began in 1997 as an Engineering Manager; his technical and leadership abilities then saw him rise from Senior Information Security Manager to Chief Information Security Officer, first in the private sector and then in successive positions in state government, culminating as CISO for the State of Texas.


Course Outline

  • Part 1: CUI – Brace yourself for the new federal contract cybersecurity reality
    Part 1 includes understanding what Controlled Unclassified Information (CUI) is, why it’s important, the consequences for non-compliance and the multiple timelines for Federal and Defense focused contracts. Understand the compliance process, starting with self-assessment, the actions needed to achieve compliance and the new reality of maintaining compliance in the future. Learn to document your status with self-attestation.
  • Part 2: Build cybersecurity into your bottom line and keep your federal business
    Part 2 includes a detailed review of the NIST 800-171 fourteen security families, including the 110 basic and derived security requirements. We’ll analyze how this specification matures your organization’s culture into a trained, policy and procedure driven workforce that protects the confidentiality of the CUI you’re entrusted with.
  • Part 3: Conduct NIST 800-171 CUI Self-Assessment and create your POA&M
    Part 3 includes procedures and analysis for the assessment process, including the comprehensive underlying requirement details mandated by Appendix D and the CUI-specific categories and sub-categories in the CUI Registry. Analysis includes identifying compliance/non-compliance and understanding your security maturity relative to industry standards. Procedures include documenting your findings (i.e., non-compliant controls) and developing your Plan of Actions & Milestones (POA&M) to implement corrections.
  • Part 4: Build your CUI Self-Attestation and CUI Deliverables
    Part 4 includes discussion of the multiple products and deliverables built into NIST 800-171 compliance. Each of these deliverables requires planning, people and resources. In addition to the self-attestation and POA&M, the requirements include the Written Information Security Program (WISP), Configuration Management Plan (CMP), Information Security Continuous Monitoring (ISCM), Information System Contingency Plan (ISCP), Incident Response Plan (IRP), Security Awareness Program, Security Assessment Plan (SAP), Security Assessment Report (SAR), and the System Security Plan (SSP).

Contact CyberDefenses today to learn how we can help with your company’s cybersecurity needs.