NIST SP 800-171 Toolkit

Published:
Policies, Guidelines, Plans and Toolkits
Author(s) and Contributors:
Author(s): Nichole Arbino Damon Armour Bob Barton Steven Dawson Nadim El-Khoury Jay Gallman Alexander Magid Laura Raderman Sarah Robinson Ken Taylor John Virden Carolyn Ellis
Source(s) and Collection(s):
Collection(s): EDUCAUSE Working Group
ParentTopics:
Access Control Compliance Cybersecurity Cybersecurity Maturity Model Certification (CMMC) Cybersecurity Policy Data Security Identity and Access Management Network Security Security Architecture and Design Security Metrics Security Risk Management

The National Institute of Standards and Technology Special Publication (NIST SP) 800-171 poses a number of challenges—both large and small—for higher education institutions. A working group was convened from the HEISC 800-171 Compliance community group to address the most pressing challenges and provide resources institutions can use in their compliance efforts. In this toolkit, you will find an overview of NIST SP 800-171 and its implications for higher education, questions to ask during project planning, 7 Things You Should Know About CMMC to use when speaking with stakeholders and leadership, and a customizable control evaluation. A compliance template created by Common Solutions Group has also been included.

NIST SP 800-171 Overview

This document provides a review of the timeline that introduced NIST SP 800-171 as a compliance framework, an overview of the control families for the 110 controls, and a discussion of the impacts and concerns for higher education.

Control Evaluation

The NIST SP 800-171 Control Evaluation Spreadsheet is to support colleges and universities in their efforts to comply with the NIST standard, prioritize information security efforts and provide metrics for reporting. (Excel download)

7 Things You Should Know About CMMC

The Cybersecurity Maturity Model Certification (CMMC) is a set of policies and practices that address the protection of federal Controlled Unclassified Information (CUI) data through administrative, physical, and technical controls.

Project Phase Planning

Use this document with stakeholders at your institution to determine a plan for protecting confidential unclassified information.

Compliance Template

The NIST SP 800-171 Compliance Template was prepared by Common Solutions Group members. Its purpose is to provide a starting point for NIST SP 800-171 compliance.