NIST SP 800-171 | Federal Requirement

The Department of Defense (DoD) Federal Acquisition Regulations Supplement (DFARS) requires that contractors must be compliant with NIST 800-171 by no later than December 31, 2017.


The NIST 800-171 standard, Protection Controlled Unclassified Information in Nonfederal Information Systems and Organizations¸ defines controls to safeguard information such as controlled technical information, or other information that would be described as controlled unclassified information (CUI) or covered defense information (CDI). This standard provides security controls for U.S. federal information systems besides those related to national security matters.

For contractors, implementing NIST 800-171 is a requirement that must be met prior to the December 31, 2017 deadline. Contractors and relevant organizations that fail to fully implement NIST 800-171 by that time will be precluded from contracting with the DoD. This applies to all prime contractors and their subcontractors. Organizations that maintain NIST 800-171 compliance can maintain government contracts, as well as win new Federal contracts, in addition to improving their overall information security.


CUI is defined as, “Controlled Unclassified Information”, a broad category of information the government creates/possesses or that an entity creates/possesses on behalf of the government, including federal contractors that are now required to keep this information confidential. CDI or “Covered Defense Information” is a term coined by the DoD and is used interchangeably with CUI to describe the same cyber security rules and regulations.

Praetorian Secure's NIST 800-171 Assessment Process

Following the testing guidance from the National Institute of Standards and Technology (NIST), Praetorian Secure consults with and conducts NIST assessments to determine your organizations compliance with NIST 800-171.

Praetorian Secure has worked with organizations such as MetLife, United Health, and Xerox (to name a few) on successfully assessing their environments organizations against the NIST 800-171 standard and correctly implementing these requirements to ensure compliance.

We understand what is important to your business operations. Praetorian’s NIST 800-171 assessment methodology was developed by former U.S. Army Agents of the Certifying Authority to ensure a timely and efficient assessment. Our experience will provide you with:

Streamlined Security Control review and analysis

Reduce Effort

Security Technical Implementation Guidelines (STIG) implementation and engineering

Assessment & Remediation

Full Policy Review and Policy Development

Documentation Management

NIST 800-53 and 800-171 Artifact creation and submission (PIA, SSP, SAR, SAP, RAR)

Customized Compliance Package