So many companies are finding the cybersecurity requirements of NIST SP 800-171 imposed upon them. This site is dedicated to helping companies implement NIST SP 800-171.
NIST SP 800-171 is designed to establish guidelines for an organization to control the security of their Controlled Unclassified Information (CUI). This CUI includes documents like drawings and specifications provided by the Government for the realization of a contract.
There are over 100 specific requirements in NIST SP 800-171. These requirements address a wide variety of topics, ranging from passwords and employee training through cryptography and authentication processes. Some of the requirements are specific to the handling of CUI, while others are applied to the entire network, all users or the whole facility.
Implementation of the requirements of NIST SP 800-171 will cause headaches for virtually any organization. The pain-points for different organizations will vary. A small organization will have different challenges than a large organization. Some organizations begin approaching the implementation process with a more mature security structure or a greater technical sophistication, based upon the nature of their business. All of these factors will affect the difficulty associated with effective implementation.
To meet the requirements of DFARS 252.204-7012, which is being incorporated into all new DoD contracts involving CUI, all of NIST SP 800-171 must be implemented in your organization.
On This Site: