NIST 800-171 details specific federal controls that govern the handling, storage, and use of Controlled Unclassified Information (CUI). Provided by the National Institute of Standards and Technology (NIST), the framework’s primary purpose is to establish self-certified accessibility to sensitive, but unclassified, information that may indirectly impact the interest of the federal government.

How It Works

NIST 800-171 controls are enforced across all contracts or agreements when you represent a government agency or work with one. It contains 110 controls organized into 14 families, with security controls that range from unauthorized physical access of IT systems to proper protocols for change management.

If you work with a federal agency you must self-certify compliance to NIST 800-171 or risk non-compliance that could lead to a breach and loss of contract with these government agencies. Access NIST 800-171 via the Risk Cloud Controls Repository and apply the framework directly to your data management plan.

Why You Need It

• Have confidence that you are compliant with federal requirements for security protocols using CUI data
• Safeguard established relationships and contracts with key government agencies like the Department of Defense