NIST 800-171 details specific federal controls that govern the handling, storage, and use of Controlled Unclassified Information (CUI). Provided by the National Institute of Standards and Technology (NIST), the framework’s primary purpose is to establish self-certified accessibility to sensitive, but unclassified, information that may indirectly impact the interest of the federal government.
NIST 800-171 controls are enforced across all contracts or agreements when you represent a government agency or work with one. It contains 110 controls organized into 14 families, with security controls that range from unauthorized physical access of IT systems to proper protocols for change management.
If you work with a federal agency you must self-certify compliance to NIST 800-171 or risk non-compliance that could lead to a breach and loss of contract with these government agencies. Access NIST 800-171 via the Risk Cloud Controls Repository and apply the framework directly to your data management plan.