The Relationship Between CMMC and NIST SP 800-171 White Paper

March 12, 2021 Redspin, Inc.

NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations) is a federal government standard that provides minimum requirements for non-federal agencies (i.e., Department of Defense contractors) to adequately protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).

In the past, self-attestation was the only requirement. As the threat landscape became more aggressive, an advanced cybersecurity maturity model, called the Cybersecurity Maturity Model Certification (CMMC) framework, was developed to improve the cybersecurity posture of the Defense Industrial Base (DIB) to adequately protect CUI/FCI.

About the Author

Redspin, Inc.

Redspin is a leading provider of risk assessments using various frameworks including NIST CSF, CMMC-AB, ISO 27001, PCI DSS, and healthcare cybersecurity consulting. We’ve helped many Fortune 500 and leading growth companies in highly regulated industries including government, financial, technology, and manufacturing improve their cyber readiness and resiliency through a strategic and proven approach to reduce cyber risks and safeguard sensitive information.
