NIST 800-171

NIST 800-171 Requirements

On December 30, 2015, the U.S. Department of Defense (DOD) published a three-page interim rule to the Defense Acquisition Federal Regulation Supplement (DAFRS) that gives government contractors a deadline of December 31, 2017 to implement the requirements of the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171r1.


The Gap Assessment will focus on the specific requirements of the NIST SP800-171 Security Requirements.  Our internal framework and methodology for evaluating general information security practices will also guide our efforts.  GoldSky Assessors will review and evaluate the Organization’s compliance with the NIST SP800-171 Security Requirements.  This will include:

  • Interviews with key personnel in core functional areas and information technology;
  • Review of documentation to support NIST SP800-171 compliance;
  • Testing of identified NIST SP800-171 controls;
  • Identification of gaps in the Organization’s compliance with the NIST SP800-171 Security Policy.

The Security Requirements defined in NIST SP800-171 will be used as the basis for assessing technical and procedural controls and encompasses the following areas:

NIST SP800-171 Security Requirements
Requirement 1 Access Control
Requirement 2 Awareness and Training
Requirement 3 Auditing and Accountability
Requirement 4 Configuration Management
Requirement 5 Identification and Authentication
Requirement 6 Incident Response
Requirement 7 Maintenance
Requirement 8 Media Protection
Requirement 9 Personal Security
Requirement 10 Physical Protection
Requirement 11 Risk Assessment
Requirement 12 Security Assessment
Requirement 13 System and Communication Protection
Requirement 14 System and Information Security

GoldSky Security offices in Orlando, Denver, Tampa, Nashville, Washington D.C, Phoenix and can help support your NIST 800-171 compliance requirement.

How can GoldSky Security help you?

Contact GoldSky Security today for a Free Consultation.

GoldSky Newsletter

Sign up below to receive the latest news and security updates from GoldSky Security.

“We could not be more pleased with our partnership with GoldSky Security. The experience and professionalism from your team has exceeded our expectations from day one. Your team was on-site within a week of our initial call. We appreciate the responsiveness and expertise you provided in performing our NIST 800-171 Gap Assessment and now CSOaaS program. Having an On-Demand CSO partner to assist us in building a sound cybersecurity program while maintaining NIST 800-171 compliance has proven to be both efficient and cost-effective. Thanks!”

Ed Gillcrist
Founder, The Shackleton Group

Does Your Business Need to be NIST SP800-171 Compliant?