U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Assessing Security Requirements for Controlled Unclassified Information (CUI): NIST Publishes SP 800-171A
June 13, 2018

Today, NIST is releasing Special Publication (SP) 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). This publication is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of the CUI security requirements defined in SP 800-171 Revision 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. This objective is accomplished by:

  • Providing flexible and tailorable assessment procedures for the CUI security requirements;
  • Defining assessment objectives to help guide and inform the assessment;
  • Specifying assessment methods that can be used to generate evidence and produce findings and results;
  • Describing a set of assessment objects to which the methods can be applied;
  • Facilitating different levels of assurance in security assessments by varying the scope and rigor of the assessment through selectable depth and coverage attributes; and
  • Providing a discussion section for each CUI security requirement to explain  the requirement and to facilitate more effective assessments.
Created June 13, 2018, Updated June 22, 2020