WHAT IS NIST 800-171 (DFARS)?
The NIST 800-171 standard, Protection Controlled Unclassified Information in Nonfederal Information Systems and Organizations¸ defines controls to safeguard information such as controlled technical information, or other information that would be described as controlled unclassified information (CUI) or covered defense information (CDI). This standard provides security controls for U.S. federal information systems besides those related to national security matters.
For contractors, implementing NIST 800-171 is a requirement that must be met prior to the December 31, 2017 deadline. Contractors and relevant organizations that fail to fully implement NIST 800-171 by that time will be precluded from contracting with the DoD. This applies to all prime contractors and their subcontractors. Organizations that maintain NIST 800-171 compliance can maintain government contracts, as well as win new Federal contracts, in addition to improving their overall information security.