Skip to main content

Request SaaS Deployment

Contact Sales

NIST 800-171 Compliance

Monitor insider activity. Detect anomalies. Respond to incidents. ALL-IN-ONE

NIST 800-171 Compliance: who needs it and why?

The main entities and organizations that need to comply with NIST 800-171 are:

Who needs to comply with NIST 800-171

Department of Defense (DoD) contractors

General Services Administration (GSA) contractors

National Aeronautics and Space Administration (NASA) contractors

Universities and research institutions receiving federal grants

Any other organization that processes, stores, or transfers CUI of a federal agency

NIST 800-171 compliance allows these entities to better mitigate the risk of insider threats and reduce the risk of data breaches. In turn, non-compliance with NIST SP 800-171 may result in the loss of contracts with a federal agency and ensuing financial losses and reputational damage.

NIST 800-171 vs NIST 800-53

These two information security standards have several meaningful differences:

Overview of functionality


NIST SP 800-171

NIST SP 800-53

Required for compliance with


Applies to

Contractors of federal agenciesFederal agencies

Provides security guidelines for working with

Controlled unclassified information (CUI)Information systems of government institutions

Security control families covered


Still, many security controls in FISMA and DFARS overlap. Organizations that are already compliant with one of these regimes are likely to already meet most requirements of the other.

No matter what cybersecurity requirements are outlined in a contract between a federal agency and their contractor, the contractor still needs to meet the requirements of NIST 800-171.

The Ekran System platform includes a wide selection of cybersecurity capabilities that come in handy for complying with NIST 800-171 cybersecurity requirements. In particular, using Ekran System as NIST 800-171 compliance software, you can implement basic security requirements for compliance with NIST 800-171 in four control families:

  • Access Control
  • Audit and Accountability
  • Identification and Authentication
  • Incident Response

Thanks to its rich functionality, Ekran System also works as a NIST 800-171 compliance solution that helps you meet the requirements of most derived security requirements within these control families:

Meeting NIST 800-171 requirements with Ekran System

Control familyRequired actionsEkran System functionality
Access Control
Identification and Authorization
  • Verify user identity and secure critical assets, systems, and accounts with multi-factor authentication.
  • Identify users logging in to your network.
Identity management
Access Control
  • Employ the principle of least privilege and assign access permissions granularly to specific accounts or roles with role-based access control.
  • Ensure that only authorized users can access critical data, applications, and processes.
  • Provide secure remote access to corporate network resources.
  • Enable emergency access to critical systems via one-time passwords.
Privileged access management
Access Control
Audit and Accountability
  • Monitor and control user activity within local and remote sessions on endpoints and servers with the Ekran System Client installed.
  • Monitor and block the connection of external USB devices, including portable storage devices.
User activity monitoring
Access Control
  • Terminate suspicious users, applications, and devices in response to triggered alerts.
Security incident investigation
Audit and Accountability
  • Record and log all user actions performed on servers and endpoints with the Ekran System Client installed.
  • Generate standard and customized reports on demand.
  • Export generated reports in a protected format for further forensic analysis.
Auditing and reporting
Incident Response
  • Configure customized alerts and notifications to respond to cybersecurity incidents and report on them in time.
Alerts and incident response
Access Control
  • Protect the confidentiality of data with efficient cryptographic mechanisms.
Data encryption with AES-256 keys and an RSA-1024 or RSA-2048 algorithm

Let’s get the conversation started

Contact our team to learn how our insider risk management software can safeguard your organization’s data from any risks caused by human factors. Book a call with us at a time that suits you best, and let’s explore how we can help you achieve your security goals.