Assessment procedures and a methodology that can be employed to conduct assessments of the CUI security requirements in NIST SP 800-171.
A system security plan describes how the SP 800-171 security requirements are met. The plan describes the system boundary; the environment in which the system operates; how the requirements are implemented; and the relationships with or connections to other systems. The scope of the assessments conducted using the procedures described in SP 800-171A is guided and informed by the system security plans for the organizational systems processing, storing, or transmitting CUI. The assessments focus on the implementation and effectiveness of the safeguards in place to meet the SP 800-171 security requirements.
Security and Privacy: risk management