Federal contracts often require the use of contractor-owned information systems to process federal information. These information systems do not always meet government security standards, which has led to information being compromised.
As a result, the Defense Federal Acquisition Regulations (DFARS) stipulate that DoD contractors and subcontractors that process, transmit, or store sensitive information, which the government calls Controlled Unclassified Information (CUI), or Federal Contract Information (FCI), must comply with the cybersecurity requirements listed in the National Institute of Standards and Technology (NIST) publication 800-171 (NIST 800-171).
Controlled Unclassified Information (CUI) is sensitive government-related data that is not classified but still requires safeguarding. It includes personally identifiable information, financial data, patent applications and inventions, court records, death records, military personnel records, federally funded research, critical infrastructure data, U.S. Census data, federal taxpayer information, and proprietary business information. The types of data considered CUI are identified in the National Archives and Records Administration (NARA) CUI Registry and the Department of Defense (DoD) CUI Registry, which provide detailed categorizations and guidance on proper handling.
To comply with NIST 800-171, it helps to understand how the requirements are structured.
Our team of consultants can help you begin your compliance journey, or meet you in the middle, wherever you may already be. Contact us to ensure your journey to compliance is successful.