JAMIS Software

Search Icon View Demo

MENUMENU
  • Products
        • JAMIS Prime ERPProduct Overview
          • Project Accounting & FinanceCost Accounting For Government Contractors
          • Time and Expense ManagementTimesheets, Time Off Management, and Expense Reporting
          • Contract ManagementContract Lifecycle Management
          • Business Planning SuiteProject Budgeting, Forecasting, and Resource Planning
          • Customer Relationship Management (CRM)Contact Management, Opportunity Pipeline Management
          • Distribution ManagementRequisitions, Purchasing, and Inventory Management
          • Asset ManagementFixed Assets, Depreciation, and Government Property Management
          • Dashboards & Business IntelligenceReal-time Reporting, Inquiries, & Dashboards
        • JAMIS HCMProduct Overview
          • Human Resources ManagementHR, Recruiting, Onboarding, Benefits, Compensation, and Learning
          • Payroll ManagementDomestic & International Payroll, & Outsourced Tax Services
        • Industry Specific EditionsProduct Overview
          • Manufacturing EditionProject Manufacturing built for federal government contractors
          • Nonprofit EditionGrant management for federally-funded nonprofits.
        • Company Size
          • Small Business
          • Enterprise BusinessScalable and full-featured solutions for mid-to-large organizations.
  • Services
    • Implementation Services & Consulting
    • Customer Support
    • JET - JAMIS Education & Training
    • JAMIS Cloud Services
    • System Customization
  • Resources
        • Get the JAMIS edge in Government Contracting

          JAMIS is a true cloud ERP system that breaks down barriers and helps drive collaboration and knowledge-sharing across your organization, so your people can do what they do best.

          Why JAMIS?
          DCAA Compliance
          Security

          Resources
          • Webinars & Videos mega menu arrow
          • Whitepapers mega menu arrow
          • Prime Insights Blog mega menu arrow
          • Datasheets mega menu arrow
          • Customers mega menu arrow
          FEATURED CONTENT
          JAMIS Prime 7.0 Release

          JAMIS Introduces Innovative Project Workforce & Performance Management Features in its Prime 9.0.5 Release

          This release introduces significant enhancements designed to help organizations improve resource planning, project visibility, and operational control - enabling teams to plan more accurately, execute more efficiently, and make better decisions in real time.

          Learn more mega menu arrow

  • Events
    • Webinars
    • JAMIS Summit 2026
  • Company
    • About JAMIS
    • Company News
    • Management Team
    • Partners & Affiliates
    • Careers
    • Office Locations
  • Contact Us

NIST 800-171 Compliance: The 15 Key Requirements

Posted by Dan Rusert on August 30, 2016

nist“Defense contractors routinely process, store and transmit sensitive federal information to assist federal agencies in carrying out their core missions and business operations. Federal information is also shared with state and local governments, universities and independent research organizations.

To keep this information secure, Executive Order 13556 established the Controlled Unclassified Information (CUI) Program to standardize the way the executive branch handles unclassified information that requires protection, such as personally identifiable information.” [1]

“NIST Special Publication 800-171: Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations” (DFARS 252.204-7008) [2]

Compliance deadline: December 31, 2017.

The requirements focus in on these 15 key components:

  1. Access Control
    1. Limit system access to authorized users.  Separate the access of standard users vs. administrators, and document your processes.
    2. Limit the number of logon attempts.
    3. Provide privacy and security notices to users entering the system.
    4. Encrypt communications via internet, W-Fi, or on any mobile devices.
  2. Awareness and Training
    1. Ensure that managers, systems administrators, and users of organizational information systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of organizational information systems.
    2. Ensure that organizational personnel are adequately trained to carry out their assigned information security-related duties and responsibilities.
  3. Audit and Accountability
    1. Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity.
    2. Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions.
  4. Configuration Management
    1. Establish and maintain baseline configurations and inventories of organizational information systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles.
    2. Establish and enforce security configuration settings for information technology products employed in organizational information systems.
  5. Contingency Planning
    1. Refers to interim measures to recover information system services after a disruption. Interim measures may include relocation of information systems and operations to an alternate site, recovery of information system functions using alternate equipment, or performance of information system functions using manual methods.
  6. Identification and Authentication
    1. Identify information system users, processes acting on behalf of users, or devices.
    2. Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
  7. Incident Response
    1. Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.
    2. Track, document, and report incidents to appropriate organizational officials and/or authorities.
  8. Maintenance
    1. Perform maintenance on organizational information systems.
    2. Provide effective controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance.
  9. Media Protection
    1. Protect (i.e., physically control and securely store) information system media containing CUI, both paper and digital.
    2. Limit access to CUI on information system media to authorized users.
    3. Sanitize or destroy information system media containing CUI before disposal or release for reuse.
  10. Personnel Security
    1. Screen individuals prior to authorizing access to information systems containing CUI.
    2. Ensure that CUI and information systems containing CUI are protected during and after personnel actions such as terminations and transfers.
  11. Physical Protection
    1. Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.
    2. Protect and monitor the physical facility and support infrastructure for those information systems.
  12. Risk Assessment
    1. Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission of CUI.
  13. Security Assessment
    1. Periodically assess the security controls in organizational information systems to determine if the controls are effective in their application.
    2. Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational information systems.
    3. Monitor information system security controls on an ongoing basis to ensure the continued effectiveness of the controls.
  14. System and Communications Protection
    1. Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
    2. Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational information systems.
    3. Protect the confidentiality of CUI at rest (“data at rest”).
  15. System and Information Integrity.
    1. Identify, report, and correct information and information system flaws in a timely manner.
    2. Provide protection from malicious code at appropriate locations within organizational information systems.
    3. Monitor information system security alerts and advisories and take appropriate actions in response.

To find out more about how JAMIS Cloud Services can help your organization prepare for these challenging federal compliance standards, contact us today at info@jamis.com.


[1] NIST Tech Beat – June 19, 2015: NIST Publishes Final Guidelines for Protecting Sensitive Government Information Held by Contractors

[2] NIST Special Publication 800-171: Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations

Topics: Blog

Welcome!

Recent Posts:

Navigating Federal Compliance: Why JAMIS Prime ERP is the Gold Standard for Government Contractors

Modernizing the GovCon Employee Experience: Bridging the Gap for Gen Z and Gen Alpha

The 2026 GovCon Catch-22: Is Your Legacy ERP Killing Your Competitive Edge?

Navigating 2026’s AI Ethics in GovCon Recruiting – The Human-in-the-Loop Mandate

New Year’s Resolution – Save Your Valuable Time with Automation and AI

facebook twitter youtube linkedin
Copyright © 2023 JAMIS Software Corporation. All rights reserved.
JAMIS Headquarters | 6688 Gunpark Drive, 2nd Floor, Boulder, Colorado 80301
Your Privacy Choices California Consumer Privacy Act (CCPA) Opt-Out Icon
Legal | Sitemap