NIST 800-171 Compliant

NIST 800-171 management of CUI (Controlled Unclassified Information)

Legacy uses NIST 800-171 to manage all data in relation to:

  • Contractors for the Department of Defense (DoD)
  • Contractors for the General Services Administration (GSA)
  • Contractors for the National Aeronautics and Space Administration (NASA)
  • Universities and research institutions supported by federal grants
  • Consulting companies with federal contracts
  • Service providers for federal agencies
  • Manufacturing companies supplying goods to federal agencies

Our NIST 800-171 process also provides for:

  • Access controls: Who has access to data and whether or not they’re authorized.
  • Awareness and training: Your staff should be adequately trained on CUI handling.  
  • Audit and accountability: Know who’s accessing CUI and who’s responsible for what.
  • Configuration management: Follow guidelines to maintain secure configurations.
  • Identification and authentication: Manage and audit all instances of CUI access.
  • Incident response: Data breach preparedness and response plan protecting CUI.
  • Maintenance: Ensure ongoing security and change management to safeguard CUI.
  • Media protection: Secure handling of backups, external drives, and backup equipment.
  • Physical protection: Authorized personnel only in physical spaces where CUI lives.
  • Personnel security: Train your staff to identify and prevent insider threats.
  • Risk assessment: Conduct pen testing and formulate a CUI risk profile.
  • Security assessment: Verify that your security procedures are in place and working.
  • System and communications protection: Secure your comms channels and systems.
  • System and information integrity: Address new vulnerabilities and system downtime.