National Institute of Standards and Technology (NIST)

A federal agency that develops technology standards and guidelines, including the cybersecurity publications (most notably NIST SP 800-171) that federal contracts require government contractors to follow.

Overview

The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the Department of Commerce that develops measurement standards, technology, and guidelines used across government and industry. For government contractors, NIST is most significant for its cybersecurity publications — particularly NIST SP 800-171, which defines the security controls contractors must implement to protect Controlled Unclassified Information (CUI).

Why It Matters in GovCon

NIST SP 800-171 compliance is a contractual requirement for virtually all DoD contractors handling CUI, and compliance is increasingly required across civilian agencies as well. The Cybersecurity Maturity Model Certification (CMMC) program is built on NIST standards, making them central to contractor eligibility.

Key Details

  • NIST SP 800-171: Revision 2 specifies 110 security requirements across 14 families that contractors must implement to protect CUI; Revision 3 (2024) reorganizes them into 97 requirements across 17 families, but a DoD class deviation keeps Revision 2 as the baseline for DFARS clause 252.204-7012.
  • NIST SP 800-53: The larger control catalog that federal agencies use for their own systems (and that the FedRAMP baselines are built on). SP 800-171's requirements are derived from its moderate baseline, and it is sometimes referenced directly in contracts.
  • CMMC Alignment: CMMC Level 2 requires all 110 SP 800-171 Revision 2 requirements. Level 1 covers only the basic safeguarding practices of FAR 52.204-21, and Level 3 adds selected enhanced requirements from NIST SP 800-172.
  • Self-Assessment: Under DFARS 252.204-7019 and 252.204-7020, contractors must assess themselves against SP 800-171 using the DoD Assessment Methodology and post the resulting score in the Supplier Performance Risk System (SPRS). The score starts at 110 and loses a weighted number of points (1, 3, or 5) for each unimplemented requirement, so it can be negative; gaps must be documented in a System Security Plan (SSP) and a Plan of Action and Milestones (POA&M).

Related Terms

  • Defense Federal Acquisition Regulation Supplement (DFARS)
  • Cybersecurity Maturity Model Certification (CMMC)
  • Controlled Unclassified Information (CUI)
  • System Security Plan (SSP)
