make a good business better
Print Divider Print Divider Branding

Helping You Succeed with NIST Certification and Compliance

LBMC has been in the IT security and compliance business for 20 years. During that time we have amassed considerable experience with FISMA/NIST 800-53. Now we have extended that expertise to NIST 800-171 certification. 

NIST 800-171 FAQs

New to 800-171? Here is some 101 information to get you started.

What's the difference between NIST 800-171 and NIST 800-53?

At a high level, the NIST SP 800-53 security standard is intended for internal use by the Federal Government and contains controls that often do not apply to a contractor’s internal information system. NIST SP 800-53 provides federal organizations with the top level requirements and is more specific to providing security and privacy controls for federal information systems and organizations.

On the other hand, NIST SP 800-171 applies to internal contractor information systems provides a standardized set of requirements for all CUI security needs to allow non-federal organizations to be in compliance with statutory and regulatory requirements by consistently implementing CUI safeguards. Additionally, many of the NIST SP 800-171 controls are about general best security practices for policy, process, and configuring IT securely and this means in many regards, NIST SP 800-171 is viewed as less complicated and easier to understand than its NIST SP 800-53 counterpart.

NIST SP 800-171 is unique in that it is tailored to eliminate FIPS 200 and NIST SP 800-53 requirements that are : 1.) specific to government owned systems, 2.) not related to CUI, or 3.) expected to be satisfied without specifications (i.e., policy and procedure controls). NIST SP 800-171 includes just over a hundred controls broken across 14 control families and is more concise in nature, making it less complex to implement for non-federal organizations.

Who is subject to 800-171 Compliance?

All non-federal agencies that access Controlled Unclassified Information (CUI) and DoD Covered Defense Information require 800-171 certification.

What about AWS, Salesforce, Microsoft, Google & other cloud providers?

Check with the provider. The companies below have statements on their websites clarifying their 800-171 compliance.

NIST Glossary of Acronyms

CAVP  -  Cryptographic Algorithm Validation Program
CFR   -  Code of Federal Regulations 
CIO   -  Chief Information Officer 
CMVP  -  Cryptographic Module Validation Program
CNSS   -  Committee on National Security Systems 
CUI   -  Controlled Unclassified Information 
E.O.  -  Executive Order
FIPS   -  Federal Information Processing Standards 
FISMA   -  Federal Information Security Modernization Act 
ISOO   -  Information Security Oversight Office 
ITL   -  Information Technology Laboratory 
NARA   -  National Archives and Records Administration 
NFO   -  Nonfederal Organization 
NIST   -  National Institute of Standards and Technology 
OMB   -  Office of Management and Budget 
SP   -  Special Publication

Source: NIST Special Publication 800-171

All NIST Reports are not Created Equal

Nist certification iconOur team members have extensive experience on your side of the desk in a variety of industries with security and compliance mandates. This client-side experience means that we understand how data moves between a user entity’s network and its service organizations. We help you achieve compliance while providing the insights your leaders and stakeholders need to make better business decisions.

Whether you are just getting started with NIST certification, or have been navigating regulations for years from another provider, LBMC can help you maintain NIST compliance in a complex landscape.

Get in touch with us by calling  1-844-526-2732 or filling out the form below: