Are You NIST SP 800-171 Compliant?

Protect the Federal Controlled Unclassified Information (CUI) In Your Care.

Organizations that store, process, or transmit federal controlled unclassified information (CUI) are required to follow NIST SP 800-171, the federal standard for handling CUI in non-government systems. If they don’t, they will be disqualified from bidding on or holding federal and defense contracts.

If you aren’t sure whether the federal data and records you handle are CUI, or if you aren’t sure whether you have the right safeguards in place to protect that CUI, contact Telos® Corporation. We’re the leading experts in the NIST way of managing risk and ensuring security compliance for federal IT systems and information.

Achieve NIST SP 800-171 compliance quickly with the leader in NIST standards

We’ll help you identify the federal information you hold that might qualify as CUI and show you what you need to do to become NIST SP 800-171 compliant, and maintain that compliance moving forward. Our Xacta® solution for NIST assessments streamlines and automates many of the steps involved for NIST SP 800-171 requirements so our security experts can get you compliant faster and help you stay compliant.

Assure your government customers that their information is safe with you

Keep from losing vital federal and defense contracts

Establish and maintain a CUI-specific risk management and compliance program

Over a Hundred Security Controls Across 14 Categories: Are You Ready?

NIST SP 800-171 specifies 110 security controls organized into 14 categories. We’ll help you take control of the challenge by identifying which controls apply to your requirements and guide you to meeting them.

  • Access Control
  • Configuration Management
  • Maintenance
  • Physical Protection
  • System and Communications Protection
  • Awareness and Training
  • Identification and Authorization
  • Media Protection
  • Risk Assessment
  • System and Information Integrity
  • Audit and Accountability
  • Incident Response
  • Personnel Security
  • Security Assessment

Telos offers the experience and capabilities you need for NIST SP 800-171 compliance. Using our proven methodologies and certified security personnel, Telos can provide the level of support necessary to exceed your requirements, resulting in exceptional results.

Our certified and cleared professionals will:

  • Scope the situation.

    First, Telos will help you identify any federal information in your custody that falls into one of the National Archive’s 22 categories of CUI. Then we’ll assess the people, processes, and technologies in your organization that store, process, or transmit CUI or provide security and administration to the CUI in your care.

  • Identify the security controls you need.

    NIST SP 800-171 specifies 110 security controls organized in 14 families to assure best practices in protecting CUI. Using our Xacta solution, Telos will identify the controls you need to comply with, supplemented by best-practice configuration requirements for the hardware, software, and networks involved. We’ll document the security safeguards you have in place, mapping each mechanism for securing and protecting the CUI to the relevant security controls.

  • Review and define your security architecture.

    We’ll evaluate the current architecture of your CUI-related systems and recommend any modifications needed to meet the requirements of NIST SP 800-171. Afterward, we’ll document that the new security architecture properly separates corporate and government client information to isolate CUI into its own security domain.

  • Assess your compliance with security controls.

    We start by assessing your current state of compliance with the identified security controls. We then plan and conduct the assessment, which will include compliance and vulnerability testing of technical controls and evaluation of security policies, procedures, and administrative controls through interviews, reviews, and inspections.

  • Address anything that needs remediation.

    After identifying any vulnerabilities or non-compliant controls, we’ll assess the residual risk of the system and recommend steps for remediation or mitigation documented in a comprehensive action plan (POA&M, or Plan of Action and Milestones).


NIST SP 800-171 Security Assessment Services

Learn more about how Telos can help you Protect the Federal Controlled Unclassified Information (CUI) In Your Care.

NIST SP 800-171 Brochure | Telos

Learn more about Telos products, services, and solutions.