NIST 800-171, also known as "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations," is a set of cybersecurity guidelines and requirements published by the National Institute of Standards and Technology (NIST) in the United States. These guidelines are designed to help nonfederal organizations, including contractors and subcontractors that work with the U.S. government, protect Controlled Unclassified Information (CUI) in their information systems.
NIST 800-171 provides a framework of security controls and requirements that organizations must implement to ensure CUI's confidentiality, integrity, and availability. It outlines 14 families of security requirements, each containing specific controls and guidelines related to topics such as access control, incident response, risk assessment, and security training.
Compliance with NIST 800-171 is often a contractual requirement for organizations that do business with the U.S. government, particularly when they handle CUI. Failure to meet these requirements may result in contract termination or other legal consequences.