Government security breaches seem to hit the news every other month—keep an eye on your investments—including potential breaches caused by contractors. What may be a surprise is the idea that the government is not sure how many contractors they even have, as the Congressional Budget Office acknowledged in 2015. With an unknown number of contractors handling government information, there is a major concern about what security measures contractor organizations have implemented to protect the sensitive government information that they handle, possess, use, share, or receive. To help address this concern, the National Institute of Standards of Technology (NIST) published Special Publication (SP), 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, in June 2015, and Revision 1 was published in December 2016. NIST SP 800-171 defines security requirements for protecting Controlled Unclassified Information (CUI) created or possessed by non-federal entities.