Protect CUI or Risk Losing Federal Business

Federal contractors that process, store or transmit Controlled Unclassified Information (CUI) have until December 2017 to meet new, more stringent security guidelines from the National Institute of Standards and Technology (NIST).

CUI is defined as any confidential information not designated as “classified”, “top secret” or “for official use only”. It can exist in both paper and digital forms, on the contractors’ own systems as well as the use of third parties and portable devices.

NIST SP 800-171 establishes a minimum level of information security a contractor should have to adequately protect CUI. The guidelines apply to any organization that handles CUI on its own systems—civilian and DoD contractors, colleges and universities and state and local governments.

 How We Can Help You Prepare?

For many contractors, NIST SP 800-171 will have a significant impact on your ability to perform government contracts. ITPG can help you assess what you need to do to align with these guidelines. Our Readiness Assessment identifies potential compliance gaps and provides detailed recommendations for remediation:


  • An immediate snapshot of your organization’s current baseline for compliance
  • Identified gaps qualified for criticality and severity
  • A prioritized gap remediation plan
  • Cost magnitude estimate, level of effort, and suggested timeline to remediate
  • Risk appetite analysis based on risk treatment strategies
  • Executive level / Board level presentation to obtain remediation go or no go decision

Are Your Federal Contracts at Stake?

If your business is dependent on achieving SP 800-171 compliance, contact us as soon as possible, to ensure you have met the 14 categories of security requirements.

Let’s Talk