NIST stands for National Institute of Standards and Technology. NIST is a unit of the US Commerce Department that promotes and maintains measurement standards. NIST 800-171 was established after FISMA (Federal Information Security Management Act) was passed in 2003. NIST created Special Publication 800-171 to help protect Controlled Unclassified Information (CUI). Its goal was to protect the legal information of businesspeople, citizens, and government.

What is Controlled Unclassified Information (CUI)?

Controlled Unclassified Information (CUI) is information, both digital and physical, that is sensitive and relevant to the interests of the United States (US). This information requires safeguarding under the applicable rules and regulations.

What is NIST 800-171?

NIST 800-171 is a set of measures and standards that define how to safeguard and distribute material deemed sensitive but not classified. It was created to improve cybersecurity after many incidents. The primary reason, according to the National Institute of Standards and Technology, is “a national imperative” to ensure that unclassified information that isn’t part of federal information systems and organizations is properly protected, which helps the federal government carry out its missions successfully. For certain government agencies, most commonly the DoD (Department of Defense), GSA (General Services Administration), and NASA (National Aeronautics and Space Administration), a revised set of NIST rules requires anyone who works with CUI from those agencies to implement specific security measures for how to handle it and to report non-compliance to the agency's COI. Every affected company is now required to assess and document its compliance in handling this information in more than a dozen areas, from the way its networks are configured, to the way all media is protected, to the way employees receive access to the NIST 800-171. Every agency had a unique set of rules for data handling, safeguarding and disposing of material. These inconsistent standards caused challenges and potential security concerns when multiple contractors became part of the process.

14 POINTS OF NIST 800-171

NIST 800-171 is a risk assessment document, and a contractor must comply with it. There are some primary requirements for fulfilling the NIST assessment. A contractor has to implement and document the 14 points listed below:

  1. Access Control
  2. Awareness and Training
  3. Audit and Accountability
  4. Configuration Management
  5. Identification and Authentication
  6. Incident Response
  7. Maintenance
  8. Media Protection
  9. Personnel Security
  10. Physical Protection
  11. Risk Assessment
  12. Security Assessment
  13. System and Communications Protection
  14. System and Information Integrity


There are a few standards that must be met by anyone who processes, stores or transmits sensitive information (CUI) for the DoD, GSA, NASA and other federal or state agencies. Achieving NIST 800-171 compliance requires diving deep into your networks and procedures to make sure they are properly addressed. Failure to do so may affect any dealings with these agencies, including severance of contract. If you miss the deadline, you could be at risk of losing contracts and relationships with the agencies. Meeting the standards set by NIST 800-171 may take time, but there are a few cybersecurity practices you can put in place to protect your business, your data and sensitive information.


NIST compliance is an important requirement for a contractor. There are some essential requirements and standards in the regulation that a contractor needs to fulfill. In order to keep sensitive data and Controlled Unclassified Information (CUI) safe, you need an experienced service provider; otherwise you can lose your data, and you can also lose your contracts and relationships with agencies.