NIST-SP-800-171
Requirements for non-federal CUI processing.
Definition
SP 800-171 is derived from SP 800-53 and structured for DoD, NASA, GSA contractors. Compliance required by DFARS 7012 (Defense). CMMC (Cybersecurity Maturity Model Certification) by DoD mandates levels 1 to 3 aligned on SP 800-171 since 2024.
Origin
NIST SP 800-171 v1 published June 2015 ; Rev. 3 May 2024.
Example in context
A Lockheed Martin subcontractor achieves CMMC level 2 (110 SP 800-171 controls) to continue receiving DoD contracts.
Related terms
- SP 800-53 — federal parent.