How long is the NCSP 800-171 Foundation course?

This is a 2-day instructor-led course.

Who should attend this CUI-focused course?

It is ideal for contractors, security professionals, and compliance teams handling Controlled Unclassified Information.

Are there prerequisites for this course?

No prerequisites are required for this Foundation-level course.

Do participants receive certification?

Yes, attendees receive the NCSP 800-171 Foundation Certificate and digital badge.

NIST Cybersecurity Professional®
NCSP® 800-171 Foundation Certificate

Master the Requirements for Protecting Controlled Unclassified Information (CUI)

NIST Cybersecurity Professional®

NCSP® 800-171 Foundation Certificate

Course Description

Organisations across defence, aerospace, critical infrastructure, and government supply chains are increasingly required to protect Controlled Unclassified Information (CUI). NIST SP 800‑171 Rev. 3 provides the definitive set of security requirements for safeguarding CUI in non-federal systems, forming the backbone of compliance programs such as DFARS, CMMC, and federal contracting obligations.

The NCSP® 800‑171 Foundation Certificate is a 2‑day, instructor‑led course that introduces participants to the structure, purpose, and application of NIST SP 800‑171. This course explains how to interpret the 110 security requirements, implement them within organisational environments, and align them with the NIST Cybersecurity Framework (CSF) 2.0.

Participants learn how to build a defensible, audit‑ready compliance program that protects sensitive information, reduces supply chain risk, and supports contractual obligations.

What You Will Learn

Participants gain the foundational knowledge required to understand and apply the NIST SP 800‑171 Rev. 3 requirements. You will learn:

How NIST SP 800‑171 aligns with the NIST CSF 2.0 and supports broader risk‑based cybersecurity programs.
The structure and purpose of the 14 requirement families and 110 security requirements.
How to interpret and implement requirements in real‑world environments.
The relationship between NIST SP 800‑171, NIST SP 800‑172 (enhanced security requirements), and CMMC.
How to develop System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and evidence packages.
Approaches for preparing for assessments, audits, and ongoing compliance monitoring.

Course Agenda

Day 1: Foundations, Requirement Families & Governance

Module 1: Introduction to NIST SP 800‑171 Rev. 3

Understanding the purpose, evolution, and regulatory drivers behind 800‑171, including its role in protecting CUI.

Module 2: Structure of the 800‑171 Requirements

Exploring the 14 requirement families, requirement statements, and the shift toward outcome‑based security.

Module 3: Governance & Compliance Integration

Establishing organisational roles, responsibilities, and governance structures that support 800‑171 compliance.

Module 4: Requirement Interpretation & Implementation

Understanding how to translate requirement language into actionable security and operational practices.

Day 2: Documentation, Assessment & Continuous Compliance

Module 5: System Security Plans (SSPs) & POA&Ms

Developing documentation that demonstrates requirement implementation, gaps, and remediation plans.

Module 6: Evidence Collection & Audit Readiness

Identifying artifacts, technical evidence, and operational proof needed to demonstrate compliance.

Module 7: Assessment Preparation & Risk Management

Understanding assessment methodologies, scoring models, and how to manage findings and remediation.

Module 8: Continuous Monitoring & Improvement

Implementing ongoing compliance activities, automation opportunities, and alignment with NIST CSF 2.0.

Learning Outcomes

Participants will be able to:

Explain how NIST SP 800‑171 Rev. 3 supports the NIST Cybersecurity Framework 2.0 and federal contracting requirements.
Identify and describe the 14 requirement families and 110 security requirements.
Interpret requirement language and translate it into practical, implementable security controls.
Develop and maintain SSPs, POA&Ms, and evidence packages that support audit readiness.
Apply assessment and continuous monitoring practices to maintain compliance over time.
Strengthen organisational security posture by integrating 800‑171 into broader risk management processes.

Who Should Attend?

This course is designed for professionals responsible for protecting CUI or supporting compliance programs, including:

Cybersecurity & Risk Management Professionals
Compliance, Audit, and Governance Personnel
IT Managers & System Administrators
Defense Contractors & Subcontractors
Supply Chain & Vendor Management Teams
Program & Project Managers supporting federal contracts

Prerequisites

There are no formal prerequisites for this Foundation‑level course, though a basic understanding of cybersecurity concepts and the NIST CSF is recommended.

Participants are provided with:

NIST Cybersecurity Professional® (NCSP®) 800-171 Foundation Certificate courseware including links to further reading and resources.
NIST Cybersecurity Professional® (NCSP®) 800-171 Foundation Certificate, Certificate of Completion.
NIST Cybersecurity Professional® (NCSP®) 800-171 Foundation Certificate digital badge.