NIST 800-171 refers to National Institute of Standards and Technology Special Publication 800-171, which governs controlled unclassified information (CUI) in nonfederal information systems and organizations. It is essentially a set of standards that define how to safeguard and distribute material deemed sensitive but not classified. NIST 800-171 was developed after FISMA (Federal Information Security Management Act) was passed in 2003, resulting in several security standards and guidelines. It was created in part to improve cybersecurity, especially after numerous well-documented breaches in the last few years.
Entities that have contractual relationships with state agencies are now required to comply with NIST 800-171. Subcontractors that don’t work directly with state agencies must comply because they do so indirectly. Failure to implement these requirements could result in the loss of work and potentially a severance of contracts.
We’ve studied the ins and outs of this federal mandate, and we’re eager to help companies learn how NIST 800-171 applies to you and to help you achieve compliance, answering questions such as:
The deadline has passed which may leave your government contacts (and data) at risk but there's still time to become compliant and protect your business. But don't be complacent, it can take months to become fully compliant - not to mention providing your partners and contractors peace of mind knowing that their information is safe with you.