NIST 800-171

Protecting Controlled Unclassified Information

Are You In Compliance?

The deadline for NIST 800-171 compliance for defense contractors is “as soon as possible, but no later than Dec. 31, 2017.”


If your organization hasn’t already started on a roadmap to NIST compliance, further delays will impact your ability to think carefully about what you need and how to do it. Missing the deadline could mean losing your contracts.


Every organization is different, so step by step instructions to achieve DFARS compliance is seldom one size fits all, but a common starting point is understanding where CUI is stored, processed, and transmitted. It’s important you understand the requirements for documentation as well as the plan for incident response. A good place to start is reviewing your existing contracts. They may contain FAR 52.204-21 which can provide a very basic set of requirements.


Don’t risk your contracts! Contact Stronger to schedule a NIST gap assessment. Our trained professionals are DoD experts and are brutally honest about which controls need to be implemented, identifying those that may be partially implemented and controls that are not being done. We can provide you rapid response and expert insights on how to apply NIST 800-171 in a way that is effective for your organization’s risk profile. Then, once your gap assessment is complete, your organization will be ready to start closing those gaps and we can help you every step of the way. Don’t delay, NIST requirements can be complex and costly to implement especially on a large scale the longer you wait. Call Stronger today.

Download the full NIST 800-171 publication here.

What are the requirements?

In short, there are 14 sections broken down into 110 required controls. The sections cover risk management and computer security principles that should be familiar to anyone working in information technology:

  • Access Control
  • Awareness and Training
  • Auditing and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System & Communication Protection
  • System and Information Integrity

Next Steps

Stronger can offer help in 5 focus areas of services that will benefit both large and small contractors, and give smaller organizations the ability to understand the regulations and comply.


Don’t wait until the last minute to be in compliance.

Call Stronger today so we can help guide you through this process.

eNIST Executive Briefing/Training Seminars Understanding what the requirements are and what planning/best practices should be in place to comply.


Technical Training  How to execute the plan. Performing a Gap Assessment and making the necessary changes needed for compliance.


Application Security Training  All programmers and engineers who are involved with applications, coding, and websites need to understand the OWASP Top 10 and how the fundamentals of application development are integral to a complete security strategy and part of NIST 800-171 (3.13.2).


Security Awareness Training  Security Awareness Training specifically focused on the NIST 800-171 training requirement but can be expanded by the organization as a platform to include other Security, Privacy and Compliance areas. This modular training is designed for all end-users and is a key element of a comprehensive security program that is required under NIST. Stronger checks all the boxes in this NIST checklist.


NIST-Ready Consulting FastTrack  Specialized consultancy designed to help organizations achieve full compliance in a compressed time period tailored to the unique needs of your organization. Deep focus on helping your teams understand and comply with the NIST 800-171 regulations as they relate to your unique business. From policy writing and incident response plans to in-depth security upgrades and overhauls, Stronger is the perfect solution for any organization facing the headache and complexity of complying with the new NIST 800-171 requirements.