NIST 800-171 Assessment

NIST 800-171 is a set of security guidelines aimed at protecting sensitive information and reducing the risk of data breaches. Compliance is mandatory for businesses handling Controlled Unclassified Information (CUI). Even if compliance is not a requirement, we recommend that businesses adopt the framework to protect sensitive data and manage ongoing risk. An assessment will determine where you’re compliant and provide you recommendations on how to achieve compliance in areas you aren’t.


CUI Identification

The first step is to define the CUI you handle and identify the systems that store and process it. This provides scope for the assessment and the implementation of safeguards. It's also important for your business to ensure that only systems intended to handle CUI are processing or storing the information. Owners of the data and staff that handle CUI are also identified.

GAP Analysis

We review your systems, policies and procedures to determine your current level of compliance and where gaps exist. This involves technical reviews of IT systems, process reviews and workshops with CUI data owners and users.



Compliance Checklist

We provide a compliance checklist in the form of a System Security Plan. This outlines the systems involved in CUI processing, each security requirement and if you're currently compliant. If you're not, we'll provide you with recommendations on the best way to achieve compliance.

If you’d like to organise a meeting to find out more and meet our team, please contact us.