Are You Ready for NIST 800-171 Compliance?

June 2, 2018


Are you ready to comply with IT security standards as laid out in the National Institute of Standards & Technology’s (NIST) Special Publication 800-171? Recent FAR and DFARS clause updates mandate that many government contractors comply with these IT security standards by December 31, 2017.

NIST SP 800-171 is a set of security requirements made up of 14 families that result in 109 individual controls with the goal of improving the protection of Controlled Unclassified Information (CUI) and/or Covered Defense Information (CDI) between the federal government and their contractors. As such, these requirements may be added or referenced in federal contracts and be a requirement to do business where CUI/CDI is stored, processed or transmitted.

NIST SP 800-171 requirements are referenced and added to DoD contracts using the DFARS 252.204-7012 regulation. However, not just DoD contracts require compliance. If you provide services to the U.S. federal government, you must provide documentation and evidence as to how your organization is protecting CUI/CDI. Sign up today and join Cherry Bekaert as we discuss:

  • What Is Controlled Unclassified Information (CUI)?
  • What is Covered Defense Information (CDI)?
  • How does this apply to prime and subcontractors doing business with the federal government?
  • How is this different than NIST 800-53?
  • What is required for compliance?


  • Neal Beggan, CISA, CRISC, CRMA, Principal, Leader, IT Audit Group | Cherry Bekaert LLP
  • Michael Townsend, CISA, Manager, IT Audit Group | Cherry Bekaert LLP