NIST 800-171 is a security standard created by the National Institute of Standards & Technology. It outlines a standard set of security controls that should be in place to protect Controlled Unclassified Information (CUI) for non-federal agencies.
NIST 800-171 targets non-federal agencies or contractors (or other organizations with access to federal data) whose systems contain controlled unclassified information (CUI) that needs to remain confidential.
Controlled unclassified information is information owned or created by the government which is sensitive but not classified. CUI can come in digital or physical form. Some examples of CUI are personally identifiable information (PII) such as legal material or health documents, intellectual property, or technical data and blueprints.
In order to comply with NIST 800-171, companies who need access to CUI must implement security protocols for 14 areas.
A good first step for starting with NIST 800-171 compliance is to locate and identify any Controlled Unclassified Information that is stored or transferred using your systems or solutions. From there you can categorize the CUI and implement necessary controls.
If you have further questions about complying with NIST 800-171 or other regulations, our compliance professionals are here to help. Click below to contact us and let us know how we can lend a helping hand.
Do you still have questions regarding NIST 800-171? Our compliance professionals can help you to understand and arrange for compliance, regardless of complexity.Contact Us Today