U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Projects Protecting CUI

Protecting Controlled Unclassified Information (CUI) CUI

SP 800-171

NIST SP 800-171 Logo

Security Requirements for Protecting CUI

Purpose

Recommended security requirements for protecting the confidentiality of CUI:

     (1) when the CUI is resident in a nonfederal system and organization;

     (2) when the nonfederal organization is not collecting or maintaining information on behalf of a federal agency or using or operating a system on behalf of an agency; and

     (3) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category listed in the CUI Registry.

Scope

The requirements apply to components of nonfederal systems that process, store, or transmit CUI, or that provide security protection for such components.

Download SP 800-171 Security Requirements in different formats
Resources

 

 

 

Contacts

Ron Ross
ron.ross@nist.gov

Victoria Yan Pillitteri
victoria.yan@nist.gov

Topics

Security and Privacy: risk management

Created June 13, 2019, Updated July 27, 2022