NIST Media Protection Requirements

The clock is ticking on the latest compliance mandate: NIST Special Publication 800-171. Any organization or contractor that holds or processes controlled unclassified information must ensure that they comply with the new regulation. Failure to comply with this mandate will leave you in breach of contract, and subject to criminal, civil, administrative, and penalties by the United States.

Any federal contractor that provides financial services, web, and electronic mail services, background investigation for security clearances, processes healthcare data, cloud services, or develops communications needs to abide by this new regulation.

December 31, 2017, is the ultimate deadline by which to prove compliance, so action is recommended as soon as possible.

What is NIST SP 800-171?

The long and short of it is that NIST SP 800-171 will regulate the handling and use of unclassified information shared between the Federal Government and the private sector. Affected businesses might include manufacturing contractors, who need to securely handle specs for technologies and parts, or academic and research institutions that are given access to Federal databanks. This is by no means an exhaustive list, and, since failure to comply with the new guidelines could cost your business a lucrative contract, or risk other adverse consequences, it’s better to be safe than sorry.

What are the new NIST Media Protection requirements?


Companies must protect paper and digital data by setting physical controls and secure storage.


Companies must limit access of information to authorized users.


Companies must properly destroy media.

How Does Corodata Handle NIST Media Protection?

Of the 14 major categories of information security specified by the new codes, Corodata is specially equipped to provide NIST media protection services to your business.

NIST Media protection refers to the storage, accessibility, and destruction of media (everything from data servers and hard drives to paper files) that contains controlled unclassified information (CUI) being shared with your business. For example, if you are in possession of the manufacturing specs for your machines in your shop, those specs are considered CUI and must be properly destroyed. If you’ve stored them digitally, then any part of your network that has interfaced with that data will eventually need to be wiped or destroyed appropriately.

It’s not as simple as just deleting the files – they can always be recovered. In most cases, drives containing sensitive information need to be properly obliterated.

Trust Corodata for Information Security Compliance

Corodata has always guaranteed that we’ll keep your business in full information security compliance with all applicable strictures and legislation, and we stand by that guarantee with the introduction of NIST Media Protection requirements. Corodata specializes in storing offsite unplugged media in our Firelock vault. With a hard deadline of December 31, 2017, for all businesses to which the new codes apply, keeping your business in information security compliance with the new codes for “protecting controlled unclassified information in nonfederal systems and organizations” can be a daunting challenge.

Work with Corodata Today

We’re California’s elite information security professionals, and we completely guarantee that all our customers will be kept in complete compliance with all appropriate legislation, including the impending NIST SP 800-171. It’s encouraged that your business comply with the new codes as soon as possible, but the hardline is at the end of next quarter, so there’s no time to waste!

Are you ready to store your data offsite?

Corodata can help you with secure offsite data storage. Yes, I’m ready


Protecting Unclassified Information in Nonfederal Information Systems and Organizations | Archived NIST Technical Series Publication