The Relationship Between CMMC and NIST SP 800-171 White Paper

March 12, 2021 Redspin, Inc.

NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations) is a federal government standard that provides minimum requirements for non-federal agencies (i.e., Department of Defense contractors) to adequately protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).

In the past, self-attestation was the only requirement. As the threat landscape became more aggressive, an advanced cybersecurity maturity model, called the Cybersecurity Maturity Model Certification (CMMC) framework, was developed to improve the cybersecurity posture of the Defense Industrial Base (DIB) to adequately protect CUI/FCI.

About the Author

Redspin, Inc.

Redspin is a leading provider of risk assessments using various frameworks including NIST CSF, CMMC-AB, ISO 27001, PCI DSS, and healthcare cybersecurity consulting. We’ve helped many Fortune 500 and leading growth companies in highly regulated industries including government, financial, technology, and manufacturing improve their cyber readiness and resiliency through a strategic and proven approach to reduce cyber risks and safeguard sensitive information.
