NIST 800-171

It all starts with NIST SP 800-171 (It’s Mandatory)
Any organization that processes or stores sensitive, unclassified information on behalf of the US government is required to be compliant with the National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) cybersecurity standards.

Beyond the previously required self-certification of compliance, NIST 800-171 now requires increasing numbers of contractors and subcontractors to verify, document, and upload compliance proof to the Supplier Performance Risk System (SPRS) in order to be eligible for federal contracts. Randomly selected organizations will be subject to remote and/or in-person audits to verify their cyber security and risk management system compliance.


GMS Audit is CMMC AB certified to assist in the preparation of NIST 800-171 and subsequent CMMC preparation and submission

Take Advantage of Our Knowledge, Expertise and Experience – Contact Us Today