Does Your Organization Meet All NIST 800-171 Compliance Requirements?

Don’t risk losing contract renewals, new bids or the ability to secure future contracts because of noncompliance. Be prepared for your NIST 800-171 audit.

As of 2017, any entity that processes or stores US government Controlled Unclassified Information (CUI) — government contractors, research institutions, consulting companies, manufacturing contractors — must comply with the stringent requirements of NIST 800–171 or be prepared to face a myriad of risks, including the loss of contract renewals, newly won bids, or the ability to secure future contracts. In January 2020, the Department of Defense released the initial version of Cybersecurity Maturity Model Certification (CMMC) standard. Certifications will begin for new and existing defense contractors this year and a CMMC certification will be required in place of self-attested NIST compliance.

What is NIST 800-171 Compliance and the Upcoming CMMC?

The US National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidelines to help protect the data and information systems of federal agencies. If your organization specializes in these spaces, the NIST compliance framework should not be a stranger to you.

Initially, the NIST 800-171 was meant to be a “common sense” set of guidelines for any organization seeking to improve their cybersecurity. Since compliance with NIST 800-171 became a requirement in 2017, government contractors have been inaccurately self-attesting to NIST 171 compliance, which has resulted in serious cybersecurity deficiencies, security breaches, and delayed projects.

You can get ready for the CMMC compliance today, by partnering with Withum to perform a NIST 800-171 compliance audit and cybersecurity assessment. Reach out to usfor a complimentary consultation.

Contact Us

Get ready for the CMMC compliance today by partners with Withum to perform a NIST 800-171 compliance audit and cybersecurity assessment. Reach out to us for a complimentary consultation.

How to Become NIST 800-171 Compliant

Since self-attested NIST 800-171 compliance will no longer be accepted, this means organizations should prepare for the CMMC now by becoming NIST 800-171 compliant as soon as possible. Any type of cybersecurity audit takes time, and a NIST compliance audit is no different. Now that the CMMC deadline is approaching, the last thing companies want is to be scrambling about trying to tie up loose ends and/or fixing surprise noncompliance issues.

The best way to get ready for the CMMC is to follow these steps:

  • Understand the NIST 800-171 compliance requirements
  • Analyze current cybersecurity measures and processes
  • Identify any security breaches or compliance gaps
  • Put measures in place to meet NIST 800-171 compliance

Consequences of NIST 800-171 Non-Compliance

If an organization is found to be out of compliance with NIST 800-171 (and the soon to be CMMC), they risk losing any current contracts or newly won bids, as well as being prevented from closing any additional contracts in the future. Plus, the reputational damage of being non-compliant can have far-reaching consequences. Below is a brief timeline on the expected CMMC rollout:

  • January 2020 – CMMC Compliance Checklist released
  • June 2020 – CMMC requirements appear in RFIs
  • September 2020 – CMMC requirement will start appearing in RFPs
nist 800-171 compliance

Why Partner With Withum for NIST Consulting

With over 20 years of experience in the areas of cybersecurity, digital forensics, and data privacy, Withum’s security consultants and auditors have seen it all. We’re well-equipped to help organizations of all sizes prepare for the CMMC by meeting NIST 800-171 compliance.

Don’t be left unprepared — start planning for NIST 800-171 (and CMMC) today – reach out to us for a complimentary consultation.


Daniel Cohen-Dumani


Washington, DC

Chris Ertz


Washington, DC