NIST

The National Institute of Standards and Technology (NIST) is the U.S. federal agency that develops the cybersecurity standards, guidelines, and frameworks used throughout government and industry. NIST doesn't enforce compliance — it creates the standards that other agencies (like the DoD) incorporate into their requirements.

For defense contractors, NIST is the source of the security requirements you must implement. NIST SP 800-171 defines the controls for protecting CUI, NIST SP 800-53 provides the comprehensive control catalog used in RMF, and NIST SP 800-37 describes the Risk Management Framework process.