Who Needs to Comply With NIST 800-171?

The National Institute of Standards and Technology (NIST) is a government agency that develops and maintains standards for a variety of industries, including information security.

What is NIST 800-171?

NIST 800-171 is a set of standards for protecting sensitive information that is transmitted, stored, or processed by organizations. Any organization that collects, stores, or transmits sensitive information is required to comply with NIST 800-171. This includes all businesses, government agencies, and non-profit organizations. NIST 800-171 compliance is a necessary part of doing business in the United States.

Who Needs to Comply?

All federal contractors and grantees who handle Controlled Unclassified Information (CUI) are required to comply with the security requirements outlined in NIST Special Publication 800-171.  This includes any organization that provides goods or services to the federal government and has access to CUI. Examples of companies that may need to comply with NIST 800-171 include:

– IT service providers

– Cloud service providers

– Healthcare organizations

– Financial institutions

– Manufacturing companies

NIST 800-171 compliance is not optional for federal contractors and grantees. Organizations that do not comply with the security requirements outlined in NIST 800-171 may be subject to contract termination, financial penalties, and damage to their reputation.

Organizations that are required to comply with NIST 800-171 must put in place policies and procedures to protect the confidentiality of sensitive information. They must also ensure that their employees are trained in these policies and procedures. Failure to comply with NIST 800-171 can result in civil or criminal penalties.

Resources

There are a number of resources available to help organizations comply with NIST 800-171. The National Institute of Standards and Technology (NIST) has published a guide to compliance, which is available on their website. The Department of Homeland Security also offers a number of resources, including a self-assessment toolkit. Organizations can also contact the Center for Internet Security (CIS) for assistance in complying with NIST 800-171.