
NIST 800-171 Compliance

NIST SP 800-171 is a standard that defines how to protect and distribute Controlled Unclassified Information (CUI) for government contractors.

Controlled Unclassified Information (CUI) is a type of marking tool used by the federal government to identify information and confidential data that is not classified, yet requires protection from unnecessary disclosure (e.g., financial records or Personally Identifiable Information).


NIST SP 800-171 Contains 110 Security Controls Across the Following 14 Categories:

3.1 Access Control 

3.2 Awareness and Training 

3.3 Audit and Accountability 

3.4 Configuration Management 

3.5 Identification and Authentication 

3.6 Incident Response 

3.7 Maintenance

3.8 Media Protection

3.9 Personnel Security

3.10 Physical Protection

3.11 Risk Assessment

3.12 Security Assessment

3.13 System and Communications Protection

3.14 System and Information Integrity 


The 14 Categories Cover 5 Main Elements from the NIST Cybersecurity Framework:

CMMC v. 2.0 & NIST 800-171

The effort to become NIST SP 800-171 compliant has additional benefits for CMMC compliance. CMMC v. 2.0 Level 2 contains the same 110 controls found in NIST SP 800-171. The changes to CMMC v. 2.0 eliminated the additional controls and will allow many companies to self-assess rather than go through a third-party assessment. In effect, NIST 800-171 compliance will be your company’s basis for CMMC v. 2.0 Level 2 compliance.


Why Comply?

The DFARS clause 252.204-7012 interim rule, released on September 29, 2020, makes all government contract awards to contractors dependent on the contractor entering a Supplier Performance Risk System (SPRS) score in the SPRS database. The SPRS score is calculated from the NIST SP 800-171 requirements that the contractor has implemented. Your score in the SPRS database may be a consideration during the selection process.

DFARS Interim Rule Executive Summary  

CMMC is being rolled out by DoD over the next 5 years. DoD expects the number of contracts with CMMC requirements to reach 75 by Fiscal Year (FY) 2022, 250 contracts by FY 2023, and 479 contracts in FY 2024. DoD expects all new DoD contracts to contain CMMC requirements starting in FY 2026. Looking forward, the DoD expects to have 1,500 contractors certified in FY 2021; 7,500 more in FY 2022; 25,000 more by FY 2023; and almost 48,000 by FY 2025. If you are not CMMC certified at the appropriate level prior to contract award, then working on DoD contracts will not be possible.

The Maryland DCAP Grant Program

The Maryland Defense Cybersecurity Assistance Program (DCAP) provides funding and assistance for Defense Contractors to comply with the DFARS and NIST 800-171 Standards for cybersecurity, as well as prepare for the upcoming CMMC certification. The program provides funding and resources for Maryland companies to comply with the cybersecurity standards. Funded by the Department of Defense’s Office of Local Defense Community Cooperation (OLDCC) through the Maryland Department of Commerce, the program is being coordinated by the MD MEP.   

Grant funding is limited and there is a waiting list at this time. If you are interested in the program, we recommend submitting an application to the MD MEP Team as soon as possible. Contact us to assist!

Program Benefits  

  • Up to 60% off mitigation costs.   
  • $2,500 grant funding reimbursement for the CMMC Pre-Assessment.  
  • Reported $513,402,088 total retained sales and $155,158,419 total increased sales from client recipients.  
  • Reported total of 3,051 retained jobs and 136 increased jobs from client recipients.

Braxton-Grant’s 3-Step Cyber Assessment

Braxton-Grant is a cybersecurity consulting organization with NIST SP 800-171 Subject Matter Experts to assist in pre-assessments for organizations with DoD contracts.

We have developed a low-cost solution to help companies get compliant quickly and stay compliant without disrupting their budgets.

For more information about how this three-step process would work for your company, please call for a free consultation or contact us to schedule a meeting.

Contact Us

We want to become an extension of your team.

Find out how you can take advantage of our deep experience and expertise. Contact us today!
