NIST stands for the National Institute of Standards & Technology. NIST 800-171 is a companion document to NIST 800-53 that specifies how federal contractors and subcontractors should maintain Controlled Unclassified Information (CUI).
FAR and DFARS specify the criteria for all U.S. federal procurement and contracting processes. As a result, NIST 800-171 offers suggestions and controls that your organization can use to successfully manage and secure all controlled unclassified information (CUI).
To put it simply, NIST 800-53 sets standards and guidance to assist United States government agencies in understanding how to develop and implement information security systems. The release is particularly relevant to how these agencies should deal with the data stored on their systems.
NIST 800-171 contains 110 controls.
Any company that handles CUI must adhere to NIST 800-171. This covers prime contractors working directly for the DoD as well as all subcontractors that deal with CUI, including universities and research institutions.
NIST 800-171's 14 domain families provide a comprehensive framework for safeguarding CUI in non-federal information systems and environments. Adherence to these rules is critical for firms that handle sensitive information, especially those involved in federal contracts.
Implementing NIST 800-171 requires a contractor to conduct an assessment against the 110 security controls described in that document. A contractor must develop a system security plan (SSP) that describes the requirements that it already meets.
If all necessary conditions are met, a score of 110 is given. For each unmet criterion, the associated value is deducted from 110. Consistency stems from the fact that the assessments are based on what has not yet been implemented or documented that all standards have been met.
The System Security Plan (SSP) is the main source of documentation of compliance with NIST 800-171. The document covers the elements of the organization's system, including devices, software, and hardware in the network.