Coalfire Federal has been providing NIST 800-171 Support Services to clients for over 15 years. Our dedicated team of cybersecurity compliance professionals can provide your organization with the advisory and assessment expertise required to help your team prepare and achieve compliance.

NIST 800-171 Support Services

Maintain government contract award eligibility by demonstrating compliance with NIST 800-171 for Department of Defense (DoD) Federal Acquisition Regulations Supplement (DFARS) requirements. Federal government mandates and NIST 800-171 compliance can be time consuming and confusing for your internal staff. Coalfire Federal’s NIST-based compliance services takes the burden off you so you can continue doing business as usual.


  • NIST 800-171 states that nonfederal contractors or subcontractors that collect, store, or transmit covered defense information (CDI) or controlled unclassified information (CUI) on nonfederal systems to the federal government will need to comply by December 31, 2017 or risk losing government contracts. All prime contractors and their subcontractors must comply.
  • The DoD has updated the DFARS, requiring contractors to be compliant with NIST 800-171. (252.204-7012.ii.A).
  • The interim DFARS rule specifies all contractors and sub-contractors post a current assessment into SPRS by Nov. 30, 2020, as a prerequisite to submitting bids for new contracts or renewing existing contracts with the DoD This applies to both prime contractors and subcontractors.
  • DFARS clause 252.204-7008 addresses requirements for safeguarding CDI controls in government contractor systems, which include CDI and CUI. Clause 252.204-7012 addresses the expansion of safeguards to include cyber incident reporting requirements.


Coalfire Federal Supports Your Compliance Journey.

Our Advisory and Assessments services are designed to support your organization, regardless of where you are currently on your compliance journey.

  • Gap analysis: Coalfire Federal’s advisory team will conduct a compliance analysis of current information systems against NIST 800-171. Findings include current compliance posture, identification and verification of organization security boundaries, system policies and procedures status, and roadmap for DFARS/NIST 800-171 compliance.
  • Remediation: Coalfire Federal’s advisory team will assist in the design and documentation development of the system security plan (SSP) and several closely associated supporting documents that are required to achieve DFARS compliance. Coalfire will also provide DFARS reference architecture recommendations and engineering roadmap considerations.
  • Assessment: Coalfire can develop and test against a DFARS security assessment plan (SAP) that includes NIST 800-171 controls. The assessment report will indicate the compliance posture with DFARS.

For more information on our support services, contact us today for a free consultation.