Skip links

NIST 800-171 Compliance

NIST 800-171 Compliance Services

HPS has worked with a variety of organizations since the inception of NIST 800-171. The NIST 800-171 requirement is designed to help companies that have contracts with the federal government or that supply materials, products, or goods to implement appropriate security measures. NIST 800-171 provides a framework that specifies how information systems and policies should function to protect Controlled Unclassified Information (CUI).

Since the NIST 800-171 compliance effort is a Defense Federal Acquisition Regulation Supplement (DFARS) requirement, Department of Defense (DoD) contractors must be compliant. Failure to satisfactorily meet requirements could lead to the loss of government contracts.

NIST 800-171 Cybersecurity Controls

To comply with NIST 800-171, your company must perform a gap analysis against 110 required controls. These controls are derived from NIST SP 800-53 Revision 4 and are broken down into 14 controls families:

  • Access Control
  • Awareness & Training
  • Audit & Accountability
  • Configuration Management
  • Identification & Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System & Communications Protection
  • System & Information Integrity

Let us Help!

HPS has helped many prime and sub-contractors comply with the NIST 800-171 standard. While the deadline for DoD contractors has passed, it is never too late to become complaint.

If you struggle to interpret the guidance, rest assured that you are not on your own!

HPS will help you with all aspects related to NIST SP 800-171, including organizational adherence to the 14 control families. The process starts with a gap analysis and concludes with a Security RoadMap for your organization.

Gap Analysis & Security RoadMap

HPS helps you perform a gap analysis, which is a security assessment that directly aligns with NIST 800-171 security controls. This approach determines whether you are currently compliant and which areas still require work. The process includes interviews with your staff, network diagram reviews, and accurately documenting assessment findings.

HPS differs from the competition, as we provide a prescriptive “RoadMap” on how to meet the criteria defined in NIST 800-171. This extra step helps you improve your overall security posture. It also helps you address and focus on elements that require continuous monitoring.

The Process

We follow a streamlined process to assess your current state and guide you to compliance.

Gap Analysis

We compare your existing state against NIST 800-171 requirements.


We create detailed NIST 800-171 documentation and roadmaps that guide you to compliance.


We discuss all security deficiencies and execute roadmaps to improve your overall security posture.

The Results

Upon completion, your organization will be in compliance with NIST 800-171 objectives. Listed below are the minimal deliverables that we provide. More specific deliverables can be produced depending upon your environment and specific needs.

  • System Security Plan (SSP)
  • Plan of action and milestones (POA&M)
  • Risk Assessment Reports
  • Security RoadMap