NIST 800-171

AAC has self-certified and scored its information security infrastructure against the 110 controls specified in NIST SP 800-171 using the U.S. Department of Defense (DoD) Assessment Methodology. AAC’s assessment score and plan of action completion date have been reported into the DoD Supplier Performance Risk System (SPRS) as required by the “Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)” published in the Federal Register.

NIST SP800-171 is a codification of the requirements that any non-Federal computer system must follow to store, process, or transmit Controlled Unclassified Information (CUI) or provide security protection for such systems.