NIST SP 800-171

Achieve and maintain NIST SP 800-171 compliance before it’s too late.

Avoid losing federal marketplace business.

Choose the best path below for your needs.

Want to learn more? Five essential questions:

1. What is NIST SP 800-171?

NIST Special Publication 800-171 is the new security and privacy standard that the US government and Department of Defense mandates for non-federal organizations seeking to contract with the US government.

Specifically, SP 800-171 is about protecting Controlled Unclassified Information (CUI). CUI is any sensitive federal information routinely processed, stored, or transmitted by a federal or defense contractor in conjunction with the support and/or delivery of essential products and services to federal agencies.

2. What are some examples of Controlled Unclassified Information (CUI)?

CUI includes credit card and other financial data, web and electronic mail services, background investigative data for security clearances, healthcare data, data required to provide cloud services, and data associated with developing communications, satellite, and weapons systems.

3. Who must be compliant?

Organizations affected by CUI requirements include local governments, colleges, universities, independent research organizations, vendors, sub-contractors and suppliers who process, store, or transmit CUI.

4. When is the deadline?

Organizations processing CUI under DFARS are required to be compliant with NIST 800–171 security requirements no later than December 31, 2017.

Organizations processing CUI under the FAR must be compliant by November 2018.

5. What areas of my business are impacted by
NIST SP 800-171?

Click here to get a pdf of the 14 key processes, personnel and controls areas affected by NIST SP 800-171.