NIST 800-171 Solutions

What is NIST 800-171?

The National Institute of Standards and Technology develops guidelines that members of the cybersecurity community hold as a standard. NIST 800-171 is a mandate for security compliance that applies to entities working with the US Federal Government. Specifically, it addresses the security of Controlled Unclassified Information (CUI). CUI is any information that is regulated, but not classified. The controls and standards required by NIST 800-171 are put in place to protect CUI along the federal supply chain. 


Controlled Unclassified Information or CUI is information in a government contract or provided by a government contractor that is marked or identified as requiring safeguarding or specific distribution controls.

Ex: email addresses, research, engineering data, code, technical reports


Who needs to comply?

Any business that is part of the federal supply chain must achieve NIST 800-171 compliance. These compliance procedures ensure the security of CUI at all points in the supply chain. If your business stores, processes, or transmits CUI, you are required by the NIST 800-171 mandate to have the proper controls in place to protect this information. The mandate states that all businesses in the supply chain should have reached compliance by the end of 2017. If you have not yet reached compliance, Gratia Inc. can help!


How can Gratia Inc. help?

Gratia Inc. is a managed services provider that specializes in helping companies achieve compliance by assessing their information systems, designing and implementing solutions, and continually monitoring the controls they put in place. By making your business NIST compliant, Gratia Inc. will ensure that you are able to maintain your current government contracts and remain eligible for new ones. Additionally, the Gratia Team can assess your business to determine which other types of compliance your business may require.



NIST Lifecycle with Gratia Inc.

Assess – assess existing systems to determine weaknesses and areas of non-compliance

Design – utilize experience and expertise to design the right solutions for your business

Execute – implement solutions to achieve NIST compliance

Manage – constantly monitor and update controls to ensure continued protection



-->