CUI and CDI Security and NIST SP 800-171 Compliance

CUI and CDI Security and NIST SP 800-171 Compliance

“The deadline of December 31st, 2017 has passed a long time ago!

Are you meeting the requirements?”

• • • • • •

Avoid losing existing contracts or having a competitive disadvantage on winning new contracts.

If your company supplies products within the supply chains for the Department of Defense, your company must ensure adequate security by implementing NIST SP 800-171, CUI or CDI. This is part of the process for ensuring compliance with DFARS clause 252.204-7012.

HRCT is here to help with a FREE Security Risk Assessment and Onsite Consultation.

national institute of standards and technology

HRCT will help your business become SP NIST 800-171 compliant on Controlled Unclassified Information (CUI) and Covered Defense Information (CDI) with effective security, so you can continue to do business with federal agencies without penalty.


Controlled Unclassified Information (CUI) for Government Contractors

What is CUI?

It is information created by the government or on behalf of the government that needs to be safeguarded. All government contractors are required by the government to follow the security guidelines to ensure adequate security by implementing NIST SP 800-171.

“CUI is unclassified information that requires safeguarding and dissemination controls pursuant to law, regulation, or Government-wide policy, as listed in the CUI Registry by the National Archives and Records Administration (NARA).”

The National Archives and Records Administration provides a lengthy definition of what constitutes CUI.


Covered Defense Information (CDI) for Department of Defense Specific Contractors

What is CDI?

The Department of Defense (DoD) uses the term Covered Defense Information (CDI) for has its own coordinating rules for cybersecurity. It is the security of contractor information systems that store, process or transmit Federal contract information. 

The Defense Federal Acquisition Regulation Supplement (DFARS) cyber security rules apply to Covered Defense Information (CDI). DFARS supplies a set of “basic” security controls for contractor information systems where this information is stored. These security controls must be executed at both the contractor and subcontractor levels. It is based on the information security guidance in NIST Special Publication 800-171.


There are basic and derived security requirements that your company needs to keep government agency contracts.


Services HRCT will provide to comply with NIST SP 800-171:

– A Security Risk Assessment

– Isolated storage and security moves CUI or CDI into its own security domain to comply with NIST SP 800-171 in a cost-effective way.

– Encryption and cutting-edge security protects data.

– Access control including secure log-ins, authentication and limited access provides authorization only to those with authority to access CUI or CDI.

– Tracking and auditing provides efficient incident response and prevention.

– Maintenance of computer and IT systems keeps IT systems up-to-date and secure to reduce threats.

– Managed services for risk assessment includes monitoring, alerting and prevention.

And more!

For a full NIST SP 800-171 compliance checklist HRCT will follow to make your business compliant, click here to visit


Without the proper security measures in place, your company could lose government contracts. Make sure your business becomes NIST SP 800-171 compliant by contracting HRCT. 

Call (757) 399-3350

Why use HRCT for NIST IT Security?

HRCT is a trusted Hampton Roads IT and telecommunications provider, helping satisfied customers for over 30 years. We are a 5-star Google-rated provider.

Ready to become NIST SP 800-171 compliant?

For information about CUI and CDI Security and NIST SP 800-171 Compliance, contact a HRCT Specialist today!

Call (757) 399-3350
or fill out the form

HRCT Provides Customer Support

Click on the link for the support you need.

Help Desk: Support ASAP

24/7 Emergency Service

Launch Remote Support

Online Tutorials

Call (757) 399-3350 to speak with a HRCT Security Specialist!

Celebrating over 30 years


HRCT is a professional business telephone, computer and IT company with over 30 years of serving customers throughout the United States, Mid-Atlantic Region, Hampton Roads Virginia, north into Williamsburg and south into the Outer Banks of North Carolina. Our main focus is on business communications, using the most up-to-date technology to keep our clients connected to their customers. HRCT clients are more productive, so they get a better return-on-investment from their communication systems.

HRCT keeps your company connected. 24 Hour emergency service available. Call today (757) 399-3350.

Photo courtesy of: hyena-reality

HRCT Partners with the Industry’s Best Providers of Business Communication Products and Services

Computer, IT, Data Protection, WiFi, Telephone, Security Surveillance, Security Cameras and more!