NIST 800-171
The 110-control baseline for protecting Controlled Unclassified Information (CUI).
NIST Special Publication 800-171 defines 110 security requirements across 14 control families — from access control to system integrity. Every DoD contractor handling CUI is required to implement them under DFARS 252.204-7012.
NIST 800-171 is the foundation of CMMC Level 2. A self-assessment score against these controls (max 110) is what gets posted to SPRS.
Related terms
CMMC
The DoD's Cybersecurity Maturity Model Certification, mandatory across the defense supply chain.
CUI
Controlled Unclassified Information — unclassified but protected government data.
SPRS
The DoD's Supplier Performance Risk System — where your NIST 800-171 score lives.
POA&M
Plan of Action & Milestones — the roadmap for closing security control gaps.
See how Scarlet Risk covers NIST 800-171.
One platform for compliance, cyber, crypto, and world-watch risk.
Schedule Live Demo