WHAT IS NIST 800-171 COMPLIANCE?

NIST 800-171 is a publication that outlines the required security standards and practices for non-federal organizations that handle CUI (Controlled Unclassified Information) on their networks. It was first was published in June 2015 by the National Institute of Standards and Technology (NIST), which is a US government agency that has released an array of standards and publications to strengthen cybersecurity resilience in both the public and private sectors. NIST 800-171 has received regular updates in line with emerging cyber threats and changing technologies. The latest version (Revision 2) was released in February 2020.

WHO NEEDS TO COMPLY WITH NIST 800-171?

Common organizations that may require NIST 800-171 compliance when working with US government agencies include:

• Defense contractors
• Organizations providing financial services
• Web and communication service providers
• Healthcare data processors
• Systems integrators
• Colleges and universities that utilize federal data or information
• Research institutes and labs receiving federal grants and information