Today, NIST is releasing Special Publication (SP) 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). This publication is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of the CUI security requirements defined in SP 800-171 Revision 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. This objective is accomplished by:

• Providing flexible and tailorable assessment procedures for the CUI security requirements;
• Defining assessment objectives to help guide and inform the assessment;
• Specifying assessment methods that can be used to generate evidence and produce findings and results;
• Describing a set of assessment objects to which the methods can be applied;
• Facilitating different levels of assurance in security assessments by varying the scope and rigor of the assessment through selectable depth and coverage attributes; and
• Providing a discussion section for each CUI security requirement to explain  the requirement and to facilitate more effective assessments.