Anyone working on NIST SP 800-171 (Network and Information Security)?


I think this is a dumb question, but while I'm researching the answer I thought I'd come to the hub of all knowledge and pose the question here.

I'm seeing some traffic in my inbox from multiple customers regarding compliance to NIST SP 800-171, so I'm assuming that some implementation target date is approaching. This standard appears (research in progress) to address network and information security in organizations.

Since we have big aerospace customers, who occasionally provide us source control drawings, and also our own proprietary data on our network, it seems logical that we would be required to observe at least rudimentary security precautions.

But somebody in my organization touched on this topic with a customer prior to my involvement and made the statement that the requirements do not apply to us since some of our products are publicly available. Before I go step on those toes (they are upstairs) I am doing my homework.

Anybody here dealing with the NIST SP 800-171 standard, or its big brother DFARS 252.204-7012?

As always, thank you so very much for participating in this forum. :popcorn:




Re: Any one working on NIST SP 800-171 (network and information security)?

Actually, I just started my journey this morning.

December 31, 2017 is the deadline.


Hi Norm,

I tried to answer your PM, but could not because I did not yet have enough posts. Therefore, I will answer here.

All I have had time to do is print out all of the requirements and list what we have in place that may or may not satisfy each item, sort of a "poor man's" gap analysis.

I do have a copy of the ISO/IEC 27001 standard as well. I need to find and download a comparison chart to see what ISO is lacking.

I set up a QMS a few years ago based on ISO 9001:2008, so I figured I would set up our ISMS based on ISO 27001 and grab any NIST leftovers at the end.

I am glad you had a survey to get you going. I'm in the weeds a bit myself. However, I have heard quite a few say they have gone the ISO way and that sounds feasible to me.




Thank you Jeff -

I wanted to provide an update, and ask for further documentation if available.

Jeff is correct about the deadline. The website at nvd dot nist dot gov/800-53/Rev4/impact/LOW has a beautiful set of information regarding requirements for Low Impact suppliers, and plenty of good counsel in footnotes regarding interpretation, suggestions for waiver or overlap in applicable situations, etc.

It even breaks it down to three priority levels (Implement these first, then .... ) so that you could make a minimum task list out of it.

Which is how I am going to present it to top management. But it's all in separate linked pages. Rather than cut/paste this damn stuff all day, I'm trying (without success) to find a PDF or Word doc I can grab it all in at one go.

Anybody got any leads on one?

Thanks all -

Lee Purser

Hi all,
We're a small UK-based machine shop. I'm a little late on the uptake of this one, but better late than never, right?
We have firewalls, malware, virus software and all that good stuff in place, but the requirements of NIST SP seem to go much further than this. Thanks for the info in the posts so far, but I wondered if anyone had found any simple, effective ways / solutions for implementing the requirements needed here?
