Compliance Standards Library

NIST 800-171

  • Updated

What is NIST 800-171?

  • NIST 800-171 is a NIST Special Publication that provides requirements for protecting the confidentiality of controlled unclassified information (CUI). NIST 800-171 is also the draft control set for CMMC 2.0 (moderate). CMMC is anticipated to become a requirement for DoD contractors in the near future.


Who should be NIST 800-171 compliant? 

  • Government contractors and companies looking to work with the United States federal government who store or process Controlled Unclassified Information (CUI)


What is the timeline for NIST 800-171 compliance?

  • Preparation will likely take between three and nine months. 


What can Vanta automate? 

  • Vanta can help monitor and test almost all NIST 800-171 controls. Vanta will run tests and provide continuous monitoring to ensure the appropriate authorities are completed and evidence that the controls have been met can be delivered to potential customers and clients.



Does NIST 800-171 require a formal audit? 

  • NIST 800-171 does not require a formal audit. You must provide evidence that the security controls have been met to the government agency requesting the information, which may choose to complete an audit. CMMC certification will require a formal audit from a CP3AO.