Coalfire Federal has been providing NIST 800-171 Support Services to clients for over 15 years. Our dedicated team of cybersecurity compliance professionals can provide your organization with the advisory and assessment expertise required to help your team prepare and achieve NIST 800-171 compliance.

NIST SP 800-171 Support Services

Maintain government contract award eligibility by demonstrating compliance with NIST SP 800-171 for Department of Defense (DoD) Federal Acquisition Regulations Supplement (DFARS) requirements. Federal government mandates and NIST SP 800-171 compliance can be time consuming and confusing for your internal staff. Coalfire Federal’s NIST-based compliance services takes the burden off you so you can continue doing business as usual.


  • NIST SP 800-171 states that nonfederal contractors or subcontractors that collect, store, or transmit covered defense information (CDI) or controlled unclassified information (CUI) on nonfederal systems to the federal government will need to comply with NIST SP 800-171 by December 31, 2017 or risk losing government contracts. All prime contractors and their subcontractors must comply.
  • The DoD has updated the DFARS, requiring contractors to be compliant with NIST SP 800-171. (252.204-7012.ii.A).
  • The interim DFARS rule specifies all contractors and sub-contractors post a current assessment into SPRS by Nov. 30, 2020, as a prerequisite to submitting bids for new contracts or renewing existing contracts with the DoD This applies to both prime contractors and subcontractors.
  • DFARS clause 252.204-7008 addresses requirements for safeguarding CDI controls in government contractor systems, which include CDI and CUI. Clause 252.204-7012 addresses the expansion of safeguards to include cyber incident reporting requirements.

Coalfire Federal’s portfolio of NIST 800-171 Advisory and Assessments services are designed to support your organization regardless of where you are currently on your compliance journey.

  • Gap analysis: Coalfire Federal’s advisory team will conduct a compliance analysis of current information systems against NIST SP 800-171. Findings include current compliance posture, identification and verification of organization security boundaries, system policies and procedures status, and roadmap for DFARS/NIST SP 800-171 compliance.
  • Remediation: Coalfire Federal’s advisory team will assist in the design and documentation development of the system security plan (SSP) and several closely associated supporting documents that are required to achieve DFARS compliance. Coalfire will also provide DFARS reference architecture recommendations and engineering roadmap considerations.
  • Assessment: Coalfire can develop and test against a DFARS security assessment plan (SAP) that includes NIST SP 800-171 controls. The assessment report will indicate the compliance posture with DFARS.

For more information on our NIST 800-171 support services, Contact Us today for a free consultation.