National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171 outlines cybersecurity-related requirements government contractors. The U.S. Department of Defense (DOD) published a three-page interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS).​

These requirements protect the confidentiality of Controlled Unclassified Information (CUI) in non-federal systems and organizations. If you are a government contractor, failure to meet these requirements will result in the loss of your contracts. ​

The federal government is placing an ever-increasing emphasis on addressing cybersecurity threats. Any organization doing business with the federal government should expect these types of requirements to continue to evolve and intensify.

Curious where you stand with NIST Compliance?

As of January 1, 2018, government contractors are expected to have implemented the requirements of NIST 800-171. If an audit determines a failure to meet the requirements of NIST 800-171, consequences may include criminal, civil, administrative, or contract penalties – including termination of contracts.

Take our NIST 800-171 compliance quiz to better understand if you’re compliant.

What are the requirements?

NIST has 14 sections broken down into 110 required controls. Organizations can implement a variety of potential security solutions, either directly or through the use of managed services, to satisfy the requirements.

  • Access Control
  • Awareness and Training
  • Auditing and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System and Communication Protection
  • System and Information Integrity