NIST 800-171 sets standards for safeguarding sensitive information on federal contractors’ IT systems and networks. By requiring best-practice cybersecurity processes from government contractors, the resilience of the whole federal supply chain is strengthened.
NIST 800-171 specifically focuses on the protection of Controlled Unclassified Information (CUI) and seeks to ensure that such sensitive government information located on contractors’ networks is both secure and protected.
Compliance with NIST 800-171 is a contractual obligation for contractors handling CUI on their networks and these organizations are expected to conduct self-assessments to determine and maintain compliance. So, it’s important that the requirements are fully understood and assessed.