NIST 800-171 Compliance


ComplianceForge currently offers several products that are designed to assist companies with NIST 800-171:

The NCC product is considered a "consultant in a box" product that provides consultant-level guidance on how to comply with NIST 800-171. The WISP and DSP are program-level policies and standards that will provide you with the evidence you need to demonstrate compliance.

What do you get if you buy the NIST 800-171 Compliance Criteria (NCC) product?

  • The NCC is a “consultant in a box” solution that is essentially a NIST 800-171 checklist in an editable Microsoft Excel format.
    • The NCC covers all controls in Appendix D of NIST 800-171.
    • It also covers Appendix E Non-Federal Organization (NFO) controls, which are required of contractors.
  • Each of the NIST 800-171 controls is mapped to its corresponding NIST 800-53 control.
  • Each of the NIST 800-53 controls is broken down to identify:
    • Reasonably-expected criteria to address the control;
    • Applicable compliance guidance;
    • Methods to address the requirement; and
    • Status of compliance for each control so you can use it for a self-assessment.
  • The NCC maps into the Written Information Security Program (WISP) and Digital Security Program (DSP) products, so they can work in concert to make it easier to comply with NIST 800-171, since your organization can have NIST-based policies and standards to support its NIST 800-171 compliance efforts.

We also have several bundles, where you can save up to 40% off retail price! 

ComplianceForge even has a "consultant in a box" product, the NIST 800-171 Compliance Criteria (NCC).

Solutions for NIST 800-171 Compliance

ComplianceForge has NIST 800-171 compliance documentation that applies if you are a prime or sub-contractor. 





We put together a guide to help companies scope their computing environment and identify what is in scope for NIST 800-171 and what falls outside of scope.

NIST 800-171 Scoping Considerations

When you look at NIST 800-171 rev 1 compliance, it has some similarities to the Payment Card Industry Data Security Standard (PCI DSS).

From the perspective of PCI DSS, if scoping is done poorly, a company's entire network may be in scope as the cardholder data environment (CDE), which means PCI DSS requirements would apply uniformly throughout the entire company. In these scenarios, PCI DSS compliance can be prohibitively expensive or even technically impossible. However, when the network is intelligently designed with security in mind, the CDE can be a small fraction of the company's network, which makes compliance much more achievable and affordable.

We feel that NIST 800-171 should be viewed in the very same manner. This guide is meant to help companies identify assets within scope for NIST 800-171 and potentially find ways to minimize scope through isolation or controlled access.

Not sure what CUI is or if you have CUI on your network? Go to the US Government's authoritative source on the matter, the US Archives CUI Registry at

NIST 800-171 Compliance Criteria (NCC) Cost Savings Estimate

As you can see, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing an NCC from ComplianceForge is approximately 23% ($5,5000+ savings) of the cost as compared to writing your own documentation and 9% ($16,000+ savings) of the cost as compared to hiring a consultant to write it for you!



Save Up To 45% With A Bundle! 

We have a few discounted bundles specifically tailored for clients who need to comply with NIST 800-171, but we can always make a custom package for you. Just give us a call or email us at to request a custom package.

NCC Bundle #1 NCC Bundle #2 NCC Bundle #3 NCC Bundle #4