NIST 800-171

NIST 800-171 refers to the National Institute of Standards and Technology Special Publication 800-171, which governs Controlled Unclassified Information (CUI) and applies to Non-Federal Systems and Organizations. These are typically private organizations that possess, transfer or store information the government deems sensitive, but that moves outside federal systems.

At the most basic, NIST 800-171 is a set of standards designed to safeguard information that is not classified, but that is still crucial to the government’s ability to achieve operations and objectives.

The Federal Information Security Management Act, passed in 2003, brought about security standards and guidelines that ensured federal entities preserve the safety of information stored and transferred through the government’s computer systems. NIST 800-171 followed, with a mandate of improving cybersecurity among contractors that work with government agencies such as the Department of Defense, General Services Administration and NASA. Per the 800-171 rules, anyone who works with a federal agency and handles CUI must implement specific security protocols.

The NIST 800-171 Families of Security Requirements

Contractors in possession of CUI are required to implement the following 14 key NIST 800-171 families of security requirements:

  1. Access Control
  2. Awareness & Training
  3. Audit & Accountability
  4. Configuration Management
  5. Identification & Authentication
  6. Incident Response
  7. Maintenance
  8. Media Protection
  9. Physical Protection
  10. Personnel Security
  11. Risk Assessment
  12. Security Assessment
  13. System & Communications Protection
  14. System & Information Integrity
 
Steps to NIST 800-171 compliance

Achieving NIST 800-171 compliance requires a significant investigation into networks and procedures. Researching the steps to meet compliance is vital, but understanding and implementing complicated measures can be challenging. Many private organizations do not have the workforce, time or budget to meet compliance before the deadline on a contract passes.

The InfoSystems team of compliance professionals can simplify the process. We provide easy-to-follow actionable steps that will help you meet compliance. We review your networks and processes to identify non-compliant areas, determine if technology needs to be updated or added, and develop an overall plan designed to meet your business needs and achieve NIST 800-171 compliance.

Reach NIST readiness faster by partnering with InfoSystems. Drawing on our unique blend of practical cybersecurity experience and proven in-depth expertise, our team will work with your organization to meet compliance quickly and without hassle.

InfoSystems’ cybersecurity principles are simple:

Be your trusted compliance and risk program advisor

Deliver cost-effective technology to reduce enterprise-wide risk

Provide expert services to complement internal IT teams

Detect and respond to threats on your organization's behalf

Bring information security leadership to businesses of all sizes
