Skip to main content
Procore Support (en-au)

Procore and NIST 800-171

Procore’s commitment to information security and privacy

We understand that there’s a lot of trust on the part of our customers to keep their data on the Cloud. Security is a top priority for Procore, and we continue to invest significantly in broad initiatives to ensure that our customers’ data is safe, secure and private.

Procore is committed to protecting its clients, subscribers, employees and Procore from damaging acts that are intentional or unintentional. Effective security is a team effort involving the participation and support of every Procore user who interacts with data and information systems.

What is NIST 800-171?

NIST 800-171 refers to National Institute of Standards and Technology Special Publication 800-171, which governs Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations. It is essentially a set of standards that define how to safeguard and distribute information that is deemed sensitive but not classified.

NIST 800-171 was developed after FISMA (Federal Information Security Management Act) was passed in 2003, resulting in several security standards and guidelines.  It was created in part to improve cybersecurity, especially after numerous well-documented breaches. According to the National Institute of Standards and Technology, it is “a national imperative” to make sure unclassified information that isn’t part of federal information systems and organizations is properly protected and consistent.

What this means for Procore customers?

Achieving NIST 800-171 compliance requires significant effort and deep diving into all the key Control areas to make sure appropriate security procedures are properly addressed. Procore underwent a Third-party attestation covering all the Basic and Derived controls in these key areas.

Procore can supply (on a confidential basis) a summary copy of the attestation letter to customers that reflects its compliance.