Pitt's NIST 800-171 Assessment and Implementation

Wednesday, May 15 | 3:30PM–4:30PM CT | Vevey 3, Second Floor Event Centre
Session Type: Breakout Session
Delivery Format: Interactive Presentation
We'll present a case study of our phased approach to NIST 800-171 compliance at Pitt. Information security developed two Qualtrics surveys with multiple-choice responses to capture the data collected and the security controls in each department. The initial survey was sent to each department to capture the data types collected and the basic security controls in place. Security performed a risk assessment based on the initial survey results. Each department deemed high-risk data was sent a second survey based on the 800-171 controls. Finally, security analyzed the 800-171 survey results, identified gaps, and assisted the department in developing remediation plans.

Outcomes: Learn about Pitt's process, methods and tools for performing NIST 800-171 assessments and mitigationsObtain a copy of Pitt's detailed NIST 800-171 survey questionsUnderstand some of the challenges with performing the NIST 800-171 assessment


  • Sean Gallagher

    Security Analyst, University of Pittsburgh
  • Joel Garmon

    Chief Information Security Officer, University of Pittsburgh
  • Chris Seiders

    Security analyst , University of Pittsburgh

Resources & Downloads

  • Sample Questions for NIST 800171 initial survey

    Updated on 11/17/2022
  • Pitt NIST 800171 implementation case study

    Updated on 11/17/2022
  • Sample Questions for NIST 800171 detailed followup survey

    Updated on 11/17/2022