NIST 800-171 Compliance

How CimTrak Helps With NIST 800-171 Compliance

Manage Basic Cyber Hygiene and Secure Infrastructures

Blue - 5


Continuous compliance with prescriptive steps to remediate failed systems ensuring they are in a trusted and expected state. 

Blue - 7


Monitor critical configurations to ensure a compliant state. CimTrak operates in real-time enabling Mean-Time-To-Identify (MTTI) security incidents in seconds. 

J - Blue


Monitor your environment. Don't let unauthorized access occur with your routers, firewalls, and network devices. 

CimTrak Simplifies NIST 800-171 Compliance

NIST special publication 800-171, called the Defense Federal Acquisition Regulation Supplement (DFARS), deals with the unique risk existing when information is managed and controlled in nonfederal systems and organizations where Controlled Unclassified Information (CUI) is processed, stored, and transmitted.

Achieve NIST 800-171 Requirements with CimTrak

NIST 800-171 Rev2

CimTrak addresses

3.1 Access Control (AC)
3.3 Audit and Accountability (AU)
3.4 Configuration Management (CM)
3.8 Media Protection (MP)
3.11 Risk Assessment (RA)
3.12 Security Assessment (CA)
3.13 System and Communications Protection (SC)
3.14 System and Information Integrity (SI)

What about NFO Controls?

NIST 800-171 is comprised of 14 control categories totaling 110 controls in addition to another 62 Non-Federal Organization (NFO) controls.

  • As defined by NIST 800-171, NFO controls are “expected to be routinely satisfied by non-federal organizations without specification.”
  • In this context, the term “without specification” means that NIST approaches these NFO requirements as basic expectations that do not need a detailed description, since they are fundamental components of any organization’s security program.

Of the 14 control categories, 110 controls and 62 NFO controls, CimTrak addresses 8 control categories, 33 discrete controls and 13 NFO controls.

  • A crosswalk is given for all CimTrak products if they provide a control, automated scan, or enable a process, procedure or policy to assist with the evidence collection to meet the objective of a defined domain, category, control, standard, component or assessment factor.

NFO Controls CimTrak Addresses

  • SA-10 Developer Configuration Management
  • SI-1 System and Information Integrity Policy and Procedures
  • SI-4(5) Information System Monitoring | System-Generated Alerts
  • AU-1 Audit and Accountability Policy and Procedures
  • CA-7(1) Continuous Monitoring | Independent Assessment
  • CM-1 Configuration Management Policy and Procedures
  • CM-2(1) Baseline Configuration | Reviews and Updates
  • CM-2(7) Baseline Configuration | Configure Systems, Components, or Devices for High-Risk Areas
  • CM-3(2) Configuration Change Control Test / Validate / Document Changes
  • CM-8(5) Information System Component Inventory | No Duplicate Accounting of Components
  • CM-9 Configuration Management Plan
  • RA-5(1) Vulnerability Scanning | Update Tool Capability
  • RA-5(2) Vulnerability Scanning | Update by Frequency / Prior to New Scan / When Identified

Complying with 800-171 does not mean you will automatically pass a CMMC audit, as CMMC includes 3 additional domains (Asset Management, Recovery, and Situation Awareness) and 2 non-NIST 800-171 controls.

Simplify NIST 800-171 Compliance

See for yourself how to make your systems truly secure and compliant.