Protecting Unclassified Information in Nonfederal Information Systems and Organizations – NIST SP800-171 or just 800-171 is a codification of the requirements that any non-Federal computer system must follow in order to store, process, or transmit Controlled Unclassified Information (CUI) or provide security protection for such systems. This document is based on the Federal Information Security Management Act of 2002 (FISMA) Moderate level requirements.

NIST SP 800-171 compliance is currently required by some Department of Defense contracts via DFARS clause 252.204-7012.

The Office of Sponsored Programs is responsible for research contracts and will work with and contracting officers to ensure that NIST 800-171 requirements are applicable.  When NIST 800-171 requirements are applicable,  it is advisable to consult NREC and/or PSC,  both of which are capable of supporting this type of research.

NIST SP800-171, NIST 800-171,
Categories: Standards
« Back to Glossary Index