Avoid losing federal marketplace business.
Choose the best path below for your needs.
1. What is NIST SP 800-171?
NIST Special Publication 800-171 is the new security and privacy standard that the US government and Department of Defense mandates for non-federal organizations seeking to contract with the US government.
Specifically, SP 800-171 is about protecting Controlled Unclassified Information (CUI). CUI is any sensitive federal information routinely processed, stored, or transmitted by a federal or defense contractor in conjunction with the support and/or delivery of essential products and services to federal agencies.
2. What are some examples of Controlled Unclassified Information (CUI)?
CUI includes credit card and other financial data, web and electronic mail services, background investigative data for security clearances, healthcare data, data required to provide cloud services, and data associated with developing communications, satellite, and weapons systems.
3. Who must be compliant?
Organizations affected by CUI requirements include local governments, colleges, universities, independent research organizations, vendors, sub-contractors and suppliers who process, store, or transmit CUI.
4. When is the deadline?
Organizations processing CUI under DFARS are required to be compliant with NIST 800–171 security requirements no later than December 31, 2017.
Organizations processing CUI under the FAR must be compliant by November 2018.