The National Institute of Standards and Technology (NIST), within the U.S. Department of Commerce, creates standards and guidelines pertaining to information security. NIST’s Special Publication 800-171 focuses on protecting the confidentiality of Controlled Unclassified Information (CUI) in non-federal information systems and organizations, and defines security requirements to achieve that objective. The security controls of NIST 800-171 can be mapped directly to NIST 800-53. This mapping is available on page D-2 of the publication NIST.SP.800-171.
The Google Cloud services below have undergone an independent third-party assessment that confirms our compliance with NIST 800-53 controls in scope for FedRAMP, which includes all requisite controls described in NIST 800-171.