Protecting your Controlled Unclassified Information (CUI)

Our NIST 800-171 assessment focuses on the protection of controlled unclassified information (CUI) in nonfederal systems and organizations. The NIST standard guides organizations with contractors or subcontractors handling CUI and how to protect the confidentiality and security of this data. The requirements laid out in this framework apply to all components of nonfederal systems and organizations when processing, storing or transmitting CUI within their control.

The Department of Defense (DoD) considers this a minimum security standard, which should be in place when working with CUI data. The cybersecurity risks that comes from any third party is a growing concern and the DoD is taking this risk seriously. Throughout the NIST 800-171 standard there’s 110 controls spread across 14 control families that both contractors and subcontractors must implement in order to fulfill the necessary requirements.

The 14 control families within NIST 800-171 that CCSI will evaluate and audit against are:

  • Access Control
  • Awareness & Training
  • Audit and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personal Security
  • Physical Security
  • Risk Assessment
  • Security Assessment
  • System & Communication Protection
  • System and Information Integrity

Key Benefits

Staying compliant with NIST 800-171 is not a one-time approach, it’s a continuous assessment focusing on monitoring, awareness and improvement to your security posture. Working with CCSI we can assist with creating these control families as part of your DNA. The assessment given will shed light on areas of improvement where organizations can measure the risk of CUI data within their network. We’ll create a security plan to layout the requirements and how they relate to your systems and CUI data. We’ll also work to produce a “plans of action” roadmap to identify any unimplemented controls that require mitigation and remediation. We can also take a continuous approach by bringing in our managed security services to assist as a third party to help our clients stay compliant and repetitively meet the DoD’s expectations with NIST 800-171.

Purchase from Our OGS Contract

Visit our State Contract Page for more information

To find out more, contact us today.