NIST 800-171 Verification & certification

Government regulation outlining cybersecurity standards and practices.

Find out more
icon as a computer with shield in centre

What is NIST 800-171?

NIST 800-171 is a government regulation outlining cybersecurity standards and practices for non-federal entities that handle Controlled Unclassified Information (CUI) on their networks.

It's part of an array of cybersecurity standards released by the National Institute of Standards and Technology (NIST). NIST 800-171 has received regular updates to line it up with emerging cyber threats and changing technologies.

cgi image of america with connection points
cgi of man holding a light up shield

What's required? Being compliant

The Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) mandates that defense contractors must implement the recommended requirements contained in NIST SP 800-171 to demonstrate their provision of adequate security to protect the covered defense information included in their defense contracts.

What controls are required for compliance?
Access Controls
Audit and Accountability
Identification and Authentication
Media Protection
Physical Protection
Personal Protection
Risk Assessment
System and Communications Protection

Who needs NIST 800-171?

Contractors and subcontractors who have contracts with the federal government.

Contractors for Department of Defense (DoD)
Contractors for General Services Administration (GSA)
Contractors for National Aeronautics and Space Administration (NASA)
Universities and research institutions supported by federal grants
Consulting companies with federal contracts
Service providers for federal agencies
Manufacturing companies supplying goods to federal agencies
for all solutions
NIST 800-171 steps for compliance
Speak to us
Security questionnaire
Tailored Package
The maximum penalty per violation.
percent of the largest and most devastating HIPAA breaches came directly from hacking.
is the typical cost of data breaches across the entire healthcare sector .

Your questions answered

We are constantly add answers to your questions on our site. If you can't find what you're looking for... speak to us.
ProtectOrg's Mantra

For Android, IOS, Linux, MacOS, and Microsoft Workstations and Servers.

Automated systems

24/7 monitoring of your infrastructure.

Endpoint protection

For preventative protection, post-breach detection, automated investigation, and response.
(currently only available for Microsoft and Linux)  

We will advise you daily of your device’s Risk, Exposure levels, and Discovered Vulnerabilities. Timelines of each event are provided to show activity leading up to and after each instance, giving you the vital information on cause and effect.
orange gradient shield with protectorg logo

Simplify your world...

Speak to an expert to find out which plan is best for you. Security & compliance management solutions.
Get in touch
Expert advice
Easy implementation
Compliance verification
Upcoming Webinar - 02/28/23
 'What does a modern SOC (Security Operations Center) do?'