
NIST SP 800-171

myLaminin's Compliance

NIST Special Publication 800-171 (NIST SP 800-171) provides federal agencies with recommended security requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations. It outlines specific security controls and objectives that organizations must implement when handling CUI, which is sensitive but not classified information. The requirements are designed to ensure the confidentiality, integrity, and availability of CUI in these systems.

 

Examples of CUI

Health information, critical energy infrastructure information, intellectual property, and defense-related information. 


Key aspects of NIST SP 800-171

Scope

Protecting CUI in non-federal systems and organizations. It consists of 110 security controls with 320 assessment objectives.

Compliance

Organizations handling CUI must implement the security controls and objectives outlined in the publication.

Purpose

To ensure that CUI is handled securely, preventing unauthorized access, disclosure, or modification. It applies to any component of a non-federal system that processes, stores, or transmits CUI.

Assessment

The security requirements are assessed through a process outlined in NIST SP 800-171A.

Who needs to comply?

  • Federal agencies

  • Non-federal organizations and systems that process, store, or transmit CUI

  • Organizations within the supply chain for DoD, GSA, NASA, and other federal agencies

  • Defense contractors

Why is compliance important?

  • Ensuring data security
    Protecting CUI from unauthorized access, disclosure, or modification. 

  • Meeting contractual requirements
    Many federal contracts require compliance with NIST SP 800-171. 

  • Maintaining credibility
    Demonstrates a commitment to cybersecurity and data protection. 

  • Reducing risk
    Minimizing the risk of data breaches and cyberattacks. 

myLaminin’s compliance with NIST 800-171

myLaminin has undergone a thorough self-assessment against the 110 security requirements of the NIST SP 800-171 standard and addressed all requirements relevant to our role as a secure Research Data Management platform.


Some security requirements are tagged as Not Applicable (NA) or ‘Can’t Support’ as they do not apply in our environment. For example, myLaminin is a SaaS service that does not maintain or operate any on-premises data center facilities and does not operate any mobile computing platforms or use portable storage devices for data transfer. myLaminin also does not rely on any external third parties for system maintenance activities.
