If you’ve been tasked with implementing NIST Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” you should first consider your data types, risk tolerance, and security maturity.
Whether required under Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 or as a security baseline, 800-171 focuses on protecting the confidentiality of data.
As a risk management tool, 800-171 can be used to show maturity levels and map to other frameworks, including ISO and NIST 800-53. The 110 controls are designed to be easily tailored to individual risk profiles, and implementing them successfully will require a solid understanding of how information is stored, processed, or transmitted within your company.
Federal regulations, including DFARS 252.204-7012, may require the implementation of NIST SP 800-171 to protect Controlled Unclassified Information, or it may be used as a supplement to NIST 800-161, Supply Chain Risk Management.
Sera-Brynn specializes in evaluating and implementing 800-171 to align with your risk profile. Let our experts help you with your solution.