NIST 800-171

NIST 800-171 Standard

With the nation’s security on high alert, the DoD is cracking down on all contractors to be sure they don’t represent a security risk.
Compliance Manager GRC is the best way to stay on top of the changing rules and ensure the requirements are being met.

Download Datasheet

Produce the Required Documentation

NIST SP 800-171 is a NIST Special Publication that provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI). Defense contractors must implement the recommended requirements contained in NIST SP 800-171 to demonstrate their provision of adequate security to protect the covered defense information included in their defense contracts, as required by DFARS clause 252.204-7012. The implementation of the security requirements included in NIST SP 800-171 is necessary if a manufacturer is part of a supply chain for DoD, General Services Administration (GSA), NASA or other federal or state agency. The new CMMC 2.0 is scheduled to replace NIST 800-171 in the future.

Perform and Score a NIST (SP) 800-171 Self-Assessment

Under the DoD CMMC Interim Rule, contractors are required to complete a self-assessment and submit their score to confirm their compliance with NIST (SP) 800-171 before they can be awarded DoD contracts. Compliance Manager GRC’s built-in Rapid Baseline Assessment can quickly walk you through each of the 110 controls to create a baseline assessment and initial score using the scoring methodology dictated by DFARS clause 252.204– 7020 to generate an itemized scorecard for each of the 110 controls included in NIST (SP) 800-171.

Featured Product Highlights For Center For NIST (SP) 800-171

Compliance Manager GRC allows you to use all of your current IT security tools, software and systems to meet the requirements of NIST 800-171 . . . while you maintain compliance with all your other IT requirements, regardless of source. The built-in Standard Management Templates allow you to quickly determine if you can “check the boxes” for every control, identifies the gaps, and automatically prepares all of the documents you need to comply with the regulation.

Here are a few of the value-added features you get:

Rapid Baseline Assessments – Quickly identify gaps where you are not compliant with the law

Technical Risk Assessments – Full risk assessment to meet the NIST (SP) 800-171 security requirements

Auditor’s Checklist – Easy access for auditor to quickly verify compliance with every requirement

Plan of Action & Milestones – Tracking and management of things you need to do to become compliant

Policies & Procedures Manual – Required documentation of everything you need to do.

Automated Documentation & Storage – Helps speed up the review process in the event of an audit or law suit.

Bullphish Integration – Helps with end-user training


The CMMC Interim Rule came into effect on November 30, 2021. But the new process was so complex, the DoD established a 5-year implementation time frame, and established the Interim Rule to bridge the gap. Within a year, CMMC 2.0 was announced, simplifying the process. But the 5-year implementation schedule remained in place, and the Interim Rule is still in place, and 800-171 is still the defacto standard to follow.



800-171 requirements include specific policies and procedures that employees must follow. Compliance Manager GRC includes an Employee Portal to track and enforce employee security awareness training and CMMC policy compliance attestation.

Full-Featured to Manage the NIST (SP) 800-171 Compliance Along with All Your Other IT Requirements

Compliance Manager GRC is simple to use, and you don’t have to be a compliance expert to manage the specific parameters for NIST SP 800-171 compliance. Compliance Manager GRC automatically loads the specific requirements and controls you need to implement to comply. Best of all, you can also track everything that’s in scope for your IT operation at the same time, and on the same dashboard, regardless of source.


Whether complying with the requirements of the NIST (SP) 800-171, tracking the terms of your cyber risk insurance policy, or making sure your own IT policies and procedures are being followed, Compliance Manager GRC helps you Get IT All Done at the same time, and in the same place. No other Compliance Management software gives you this kind of flexibility.


Assuring compliance with NIST (SP) 800-171 – as well as all your other IT requirements such as CMMC Interim Rule – is easy with Compliance Manager GRC. You get more work done with less labor, thanks to automated data collection, automated management plans, and automated document generation.


Compliance Manager GRC is affordable, yet boasts the power and functionality most often found in expensive, enterprise-class governance, risk, and compliance platforms. Whether you manage compliance for your own organization, or are an MSP delivering compliance-as-a-service, there’s a sensible subscription for you.

Overcome the Biggest IT Challenges and Responsibilities

  • Reduce Risk
  • Reduce Complexity
  • Save Money
Get a Demo