NIST SP 800-171

Consists of 14 Families

3.1: Access Control

Control of who has physical access to company file systems.

3.3: Audit and Accountability

The ability to catch system events and trace the events back to the origin.

3.5: Identification and Authentication

The ability to identify users and authenticate that identification.

3.7: Maintenance

Plans to keep data secure when any maintenance is needed.

3.9: Personnel Security

Policy and procedure to protect organizational users.

3.11: Risk Assessment

Policy and procedure to regularly assess risk within the organization.

3.13: Systems and Communications Protections

Protection of data while it is being sent or received.

3.2: Awareness and Training

Training organizational users on the importance of cyber-security.

3.4: Configuration Management

Managing the base configuration of all organizational systems.

3.6: Incident Response

Details regarding the organizational response should an incident occur.

3.8: Media Protection

Protection of the physical storage point for organizational data.

3.10: Physical Protection

Protection measures for the physical environment or organizational facility.

3.12: Security Assessment

Policy and procedure to regularly assess security measures.

3.14: System and Information Integrity

Ensuring all information contains what it should contain.

Questions and Answers

Q: What is the NIST SP 800-171?

A: The NIST SP 800-171 outlines the expectations for contracting companies that work with or create Controlled Unclassified Information. This includes adhering to the requirements for the 14 families of protections labeled above.

Q: What is Controlled Unclassified Information?

A: Controlled Unclassified Information has been defined as documentation that does not reach the level of classified but should still be protected and labeled by the entity that creates it. This includes labeling the information created within a contracting company.

Q: What is the difference between regular cyber-security and NIST 800-171?

A: NIST 800-171 outlines deeper procedures and policy requirements to protect the integrity and confidentiality of file systems and computers that house CUI.


Sources:

NIST SP 800-171 Rev. 2