The Definitive Guide to NIST Compliance

Corserva blog

Companies that are working with the government (either directly or indirectly further down the federal supply chain) should be compliant with the latest NIST 800-171 mandate as of December 31, 2017.

If you are a defense or government supplier – or if you are a subcontractor selling to a government supplier – you have probably heard about the NIST 800-171 mandate. You may also be familiar with NIST 800-53 and wondered what's the difference between these two mandates.


Get Answers to Your Questions About NIST 800-171

Typical questions about NIST 800-171 compliance you may have include:

  • What is NIST?
  • Why have I only heard of NIST recently?
  • Who needs to comply?
  • Is it only manufacturers that need to comply?
  • How does CMMC impact my NIST compliance?
  • Will I be notified?
  • How much will NIST 800-171 compliance cost?
  • Can we do it ourselves?
  • What evidence do I need to provide to show compliance?
  • I thought the deadline was delayed?
  • Maybe I'm already compliant?
  • What if I don't comply?
  • What if I've missed the deadline?
  • What happens next after becoming compliant?

For answers to these and other questions that you may have about NIST compliance, check out Corserva's guide to NIST compliance & CMMC.





The Cybersecurity Maturity Model Certification (CMMC) is a unified cybersecurity standard created to increase the security posture of companies operating in government supply chains.

The Department of Defense is gradually transitioning from the NIST 800-171 mandate to the CMMC framework. By 2026, all new DoD contracts will require compliance with CMMC.

The CMMC framework requires all companies seeking compliance to work with an accredited and independent third-party organization called a “CMMC Third Party Assessment Organization” or C3PAO. Unlike NIST 800-171, there is no option for self-attestation with CMMC.


RPOAbout Corserva

Corserva has been in business for over 30 years and offers a large portfolio of IT and consulting services. Our team has a very strong focus on NIST 800-171 assessments and CMMC readiness services.

Corserva is a CMMC-AB Registered Provider Organization™ (RPO) and we are listed on the CMMC-AB Marketplace.

Request a quote today to get started on your path to compliance.


Post Date: March 6, 2018 // 2:04 PM

Topic category:



Lisa DeVoto

Lisa has 25+ years of experience working for technology companies in B2B marketing and technical communications. She has written on various technology topics including disaster recovery, IT services, and enterprise software. Lisa has an MBA from University of Connecticut and a BS in Computer Science from Rensselaer Polytechnic Institute.