NIST SP 800-171

NIST SP 800-171 stemmed from the Defense Federal Acquisition Regulation System Supplement (DFARS) Case 2013-D018 “Network Penetration Reporting and Contracting for Cloud Services” that was finalized in October 2016. This standard impacts thousands of companies who sell directly to the Defense Department, and many more who sell to its suppliers. 

NIST SP 800-171 required government contractors to provide “adequate security” to protect “controlled but unclassified information” (CUI) by December 31, 2017. While its main objective is to drive better cyber controls to protect CUI in non-federal systems and organizations, navigating the standard requires some understanding of its structure.

No waiting, 100% Free

Get your personalized scorecard today

Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.

Get Your Free Score

Get In Touch

Thank you for contacting us!

Request a Demo

Thank you for requesting a demo!