NIST 800-171 Overview

In December of 2016 the National Institute of Standards and Technology published its first revision of Special Publication 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. The Defense Federal Acquisition Regulation Supplement (DFARS) mandates NIST 800-171 compliance for many defense contractors. The Department of Education strongly encourages NIST 800-171 compliance for organizations subject to the Gramm Leach Bliley Act. And numerous other federal organizations selectively include 800-171 requirements in various contracts.

In short, doing business with the US federal government increasingly requires compliance with NIST 800-171.

Efficiently Master and Maintain Continuous 800-171 Compliance

The NIST 800 Series of Special Publications seem daunting. But we have helped 100s of private sector organizations interpret these requirements and implement programs that efficiently maintain continuous compliance.

We created the Quick Start Compliance Program to help organizations tackle NIST 800-171 rev 1 implementation. Sort of like a gap analysis on steroids, the Quick Start Compliance Program combines the training, technical testing, 800-171 consulting and action planning necessary to implement 800-171 security controls. At the conclusion of this engagement, we provide an actionable plan, templates and 800-171 checklists that you can use to achieve full compliance

Details of the 800-171 Quick Start Compliance Program

The Quick Start Compliance Program is a 3-4 week engagement, culminating with an on-site visit by Lunarline security experts to provide hands-on guidance to your IT and cybersecurity teams. This will involve the following activities:

  1. A high-level review of your organization’s IT and security documentation, diagrams, architecture, and practices.
  2. A boundary definition exercise to help streamline compliance activities by focusing on in-scope assets.
  3. A half-day on-site NIST 800-171 training session.
  4. A roundtable discussion with your team to solve specific compliance challenges.
  5. Technical testing to shed light on security deficiencies and lay the groundwork for 800-171 implementation.
  6. The development of an actionable plan to efficiently achieve compliance with the 800-171 controls.

NIST 800-171 Assessment & Audit Services

When the Government demands – either via the DFARs or simply because they hopped out the wrong side of the bed one morning – that you demonstrate compliance with NIST 800-171.

We offer a comprehensive suite of 800-171 assessment services to help you navigate a government-mandated audit.

As a Federal Risk and Authorization Management (FedRAMP) accredited Third Party Assessment Organization (3PAO), we have helped some of the nation’s largest companies successfully weather demanding NIST compliance audits. We get that fitting the square peg of compliance into the round hole of technical and business reality is a real challenge, one that has profound implications for your organization. We can work together to minimize assessment impact and ensure that compliance does not come at the expense of business success.

Contact Us to Quick Start your 800-171 Implementation Efforts

Contact us today at to speak with a NIST 800-171 consultant about your organization’s unique requirements and to learn more about the Lunarline Quick Start Compliance Program.