The National Institute of Standards and Technology Special Publication (NIST SP) 800-171 poses a number of challenges—both large and small—for higher education institutions. A working group was convened from the HEISC 800-171 Compliance community group to address the most pressing challenges and provide resources institutions can use in their compliance efforts. In this toolkit, you will find an overview of NIST SP 800-171 and its implications for higher education, questions to ask during project planning, 7 Things You Should Know About CMMC to use when speaking with stakeholders and leadership, and a customizable control evaluation. A compliance template created by Common Solutions Group has also been included.
This document provides a review of the timeline that introduced NIST SP 800-171 as a compliance framework, an overview of the control families for the 110 controls, and a discussion of the impacts and concerns for higher education.
The NIST SP 800-171 Control Evaluation Spreadsheet supports colleges and universities in their efforts to comply with the NIST standard, prioritize information security efforts, and provide metrics for reporting. (Excel download)
The Cybersecurity Maturity Model Certification (CMMC) is a set of policies and practices that address the protection of federal Controlled Unclassified Information (CUI) data through administrative, physical, and technical controls.
Use this document with stakeholders at your institution to determine a plan for protecting confidential unclassified information.
The NIST SP 800-171 Compliance Template was prepared by Common Solutions Group members. Its purpose is to provide a starting point for NIST SP 800-171 compliance.