NIST 800-171 Compliance

Any organization that processes or stores sensitive, unclassified information on behalf of the US government is required to be compliant with the National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) cybersecurity standards. This may include contractors for the Department of Defense, universities and research institutions that receive federal grants, or organizations providing services to government agencies.

NIST 800-171 sets standards for safeguarding sensitive information on federal contractors’ IT systems and networks. By requiring best-practice cybersecurity processes from government contractors, the resilience of the whole federal supply chain is strengthened.

NIST 800-171 specifically focuses on the protection of Controlled Unclassified Information (CUI) and seeks to ensure that such sensitive government information located on contractors’ networks is both secure and protected.

Compliance with NIST 800-171 is a contractual obligation for contractors handling CUI on their networks and these organizations are expected to conduct self-assessments to determine and maintain compliance. So, it’s important that the requirements are fully understood and assessed.