NIST special publication 800-171, called the Defense Federal Acquisition Regulation Supplement (DFARS), deals with the unique risk existing when information is managed and controlled in nonfederal systems and organizations where Controlled Unclassified Information (CUI) is processed, stored, and transmitted.
3.1 Access Control (AC)
3.3 Audit and Accountability (AU)
3.4 Configuration Management (CM)
3.8 Media Protection (MP)
3.11 Risk Assessment (RA)
3.12 Security Assessment (CA)
3.13 System and Communications Protection (SC)
3.14 System and Information Integrity (SI)
NIST 800-171 is comprised of 14 control categories totaling 110 controls in addition to another 62 Non-Federal Organization (NFO) controls.
Of the 14 control categories, 110 controls and 62 NFO controls, CimTrak addresses 8 control categories, 33 discrete controls and 13 NFO controls.
Complying with 800-171 does not mean you will automatically pass a CMMC audit, as CMMC includes 3 additional domains (Asset Management, Recovery, and Situation Awareness) and 2 non-NIST 800-171 controls.