What is NIST 800-171?
For some time, the US Department of Defense has been working to revise its funding procurement procedures referred to as the Defense Federal Acquisition Regulation Supplement, or DFARS. Most important among all the details are the included requirements in the regulations (under 252.204-7012), which mandate that defense contractors meet the NIST special publication (SP) 800-171 standard that deals with Controlled [but] Unclassified Information (CUI).
NIST 800-171, unlike NIST 800-53, was written for non-government entities such as government contractors and service providers. With that being said, though NIST 800-171 is required for contractors, the DFARS regulation also necessitates the more comprehensive FedRAMP authorization for cloud service providers.