With cybercrime on the rise, is it any surprise that the U.S. government is jumping on the cybersecurity bandwagon?

NIST 800-171 aims to prevent serious cyber attacks that compromise government data.

You may, at first, be wondering how this could possibly affect you and your business.

The bottom line is that if you own or operate a company that deals in government contracts, NIST 800-171 is something you need to know about in order to maintain those highly valuable contracts.

HRCT, an IT company in Virginia specializing in what NIST 800-171 is, plus other helpful information about maintaining cybersecurity within your business.

What Is NIST 800-171?

NIST 800-171 is a set of requirements used to safely and effectively transmit federal data — in particular, CUI or Controlled Unclassified Information. The codification provides security protection to non-federal computer systems because sensitive data protection is a shared responsibility.

What Is Controlled Unclassified Information (CUI)?

Controlled Unclassified Information is information that is shared by a government agency with a non-government agency. This puts this type of information in a sort of “limbo.” That is, it is both government-related (and, therefore, extremely sensitive) and shared with a non-government agency (and, therefore, limited in its level of confidentiality and security).

Your business or organization should know right away if CUI is something you handle with because of a government contract. Here are some examples of CUI:

● Health information

● Visa records

● Federally funded research

Who Needs to Follow NIST 800-171 Requirements?

If your company has a contract with any state or federal agency, this means that you are likely dealing with what’s called “CUI” or Controlled Unclassified Information. In turn, this means that you will likely need to follow NIST 800-171 requirements. For example, if you have a contract with NASA or the Department of Defense, everything you do within your business needs to pass the NIST 800-171 protocol.


Even though this information is technically “unclassified,” it originates from or is related to the government; therefore, it is sensitive. Furthermore, where cybercriminals around the world are concerned, even if the data you’re handling doesn’t seem very sensitive, it could be seen as an “in” to actually sensitive government data and data systems.

Do You Need Help With Meeting NIST 800-171 Requirements?

If you have a business or organization that handles government contracts or think there may be a reason for you to follow NIST 800-171 because you deal with Controlled Unclassified Information, you should contact a managed service provider as soon as possible.

Cybersecurity is essential in this day and age. If you do not have the proper protocols in place, you are putting your own business or organization at risk. Likewise, if you are not in line with NIST 800-171 requirements and standards specifically, yet you have government contracts, you are putting those valuable government contracts at risk.

Contact your local IT support company today to learn more about realizing and maintaining NIST 800-171 requirements within your business.