NIST SP 800-171


Manage compliance with NIST SP 800-171 while you manage all your IT other requirements. Satisfy the CMMC Interim Rule at the same time!

Download Datasheet

Stay Ahead of the Changing Rules

With the nation’s security on high alert, the DoD is cracking down on all contractors to be sure they don’t represent a security risk. Compliance Manager GRC is the best way to stay on top of the changing rules and ensure the requirements are being met.

Perform and Score a NIST (SP) 800-171 Self-Assessment

Under the DoD CMMC Interim Rule, contractors are required to complete a self-assessment and submit their score to confirm their compliance with NIST (SP) 800-171 before they can be awarded DoD contracts. Compliance Manager GRC’s built-in Rapid Baseline Assessment can quickly walk you through each of the 110 controls to create a baseline assessment and initial score using the scoring methodology dictated by DFARS clause 252.204– 7020 to generate an itemized scorecard for each of the 110 controls included in NIST (SP) 800-171.

Get a Demo
To see Compliance Manager GRC in action, download the full set of NIST SP 800-171 Compliance Reports.
Get Reports

Produce the Required Documentation

Along with the self-assessment score, defense contractors are also required to submit their System Security Plan (SSP). The SSP describes how the specified security requirements that were assessed are being met. You can generate the SSP off the Baseline assessment, or perform a complete technical assessment first, aided by automated data collection and reporting. Compliance Manager GRC automatically generates the SSP. A Plan of Action and Milestones (POA&M) is also automatically generated by the assessment. The POA&M is a key document for continuous security improvement activities. For each control not implemented based on the assessment, the POA&M lists the mitigating steps needed to become compliant, along with specific deadlines for completion.


The CMMC Interim Rule came into effect on November 30, 2021. But the new process was so complex, the DoD established a 5-year implementation time frame, and established the Interim Rule to bridge the gap. Within a year, CMMC 2.0 was announced, simplifying the process. But the 5-year implementation schedule remained in place, and the Interim Rule is still in place, and 800-171 is still the defacto standard to follow.


800-171 requirements include specific policies and procedures that employees must follow. Compliance Manager GRC includes an Employee Portal to track and enforce employee security awareness training and CMMC policy compliance attestation.


Compliance Manager GRC is a universal IT security assurance platform with both built-in compliance management templates – like NIST 800-171 – plus the ability to track and manage the IT requirements of any insurance policy, business contract, or internal policy and procedure…all at the same time, in the same place

Overcome the Biggest IT Challenges and Responsibilities

  • Reduce Risk
  • Reduce Complexity
  • Save Money
Get a Demo