CUI and CDI Security and NIST SP 800-171 Compliance

The deadline of December 31st, 2017, has passed a long time ago! Are you meeting the requirements for CUI and CDI Security and NIST SP 800-171 Compliance? Avoid losing existing contracts or having a competitive disadvantage on winning new contracts.

Is Your Company Fully Complying With The New Regulations Required Under The Most Recent CUI and CDI Security and NIST SP 800-171 Compliance Act?

Nist Logo
If your company supplies products within the supply chains for the Department of Defense, your company must ensure adequate security by implementing NIST SP 800-171, CUI, or CDI. This set of measures is part of the process for ensuring compliance with DFARS clause 252.204-7012.

HRCT is here to help with a FREE Security Risk Assessment and Onsite Consultation.

HRCT will help your business become SP NIST 800-171 compliant on Controlled Unclassified Information (CUI) and Covered Defense Information (CDI) with effective security, so you can continue to do business with federal agencies without penalty.

Services HRCT will provide to comply with NIST SP 800-171:

  • A Security Risk Assessment
  • Isolated storage and security moves CUI or CDI into its own security domain to comply with NIST SP 800-171 in a cost-effective way.
  • Encryption and cutting-edge security protects data.
  • Access control including secure log-ins, authentication, and limited access provides authorization only to those with authority to access CUI or CDI.
  • Tracking and auditing provides efficient incident response and prevention.
  • Maintenance of computer and IT systems keeps IT systems up-to-date and secure to reduce threats.
  • Managed services for risk assessment includes monitoring, alerting, and prevention.
  • And more!

For a full NIST SP 800-171 compliance checklist HRCT will follow to make your business compliant, click here to visit

CUI – Controlled Unclassified Information (CUI) for Government Contractors

What is CUI?

It is information created by the government or on behalf of the government that needs to be safeguarded. All government contractors are required by the government to follow the security guidelines to ensure adequate security by implementing NIST SP 800-171.

“CUI is unclassified information that requires safeguarding and dissemination controls pursuant to law, regulation, or Government-wide policy, as listed in the CUI Registry by the National Archives and Records Administration (NARA).”

The National Archives and Records Administration provides a lengthy definition of what constitutes CUI.

CDI – Covered Defense Information (CDI) for Department of Defense Specific Contractors

What is CDI?

The Department of Defense (DoD) uses the term Covered Defense Information (CDI) for its own coordinating rules for cybersecurity. It is the security of contractor information systems that store, process, or transmit Federal contract information.

The Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity rules apply to Covered Defense Information (CDI). DFARS supplies a set of “basic” security controls for contractor information systems where this information is stored. These security controls must be executed at both the contractor and subcontractor levels. It is based on the information security guidance in NIST Special Publication 800-171.


There are basic and derived security requirements that your company needs to keep government agency contracts.

Without the proper security measures in place, your company could lose government contracts. Make sure your business becomes NIST SP 800-171 compliant by contracting HRCT.