CMMC GLOSSARY // NIST SP 800-171

What is NIST SP 800-171?

NIST SP 800-171 is the federal standard of 110 security controls for protecting CUI in non-federal systems — the technical basis of CMMC Level 2.

NIST Special Publication 800-171 defines 110 security requirements across 14 control families, from Access Control to System and Communications Protection. CMMC Level 2 is, in practice, an assessment against these 110 controls.

Revision 2 remains the assessment baseline under DoD's current class deviation. Revision 3 restructures the families and introduces Organization-Defined Parameters, but CMMC has not yet moved its assessment baseline to Rev 3.

Each control is scored, and unimplemented controls subtract points from a maximum of 110 — which is how an environment that feels 'mostly compliant' can produce a deeply negative SPRS score.

©2026 POLICYCORTEX, INC.