Date Published: June 2019
Comments Due: August 2, 2019 (public comment period is CLOSED)
Email Questions to: sec-cert@nist.gov
, , , ,
Draft NIST SP 800-171 Revision 2 provides minor editorial changes in Chapters One and Two, and in the Glossary, Acronyms, and References appendices. There are no changes to the basic and derived security requirements in Chapter Three. For ease of use, the Discussion sections, previously located in Appendix F (SP 800-171 Revision 1), have been relocated to Chapter Three to coincide with the basic and derived security requirements.
We encourage you to use the comment template provided when submitting your comments.
Also see Draft SP 800-171B, comment period July 19, 2019 has been extended to Friday, August 2, 2019.
NOTE: A call for patent claims is included on page v of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Identification and Authentication; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; System and Communications Protection; System and Information Integrity
Publication:
Draft SP 800-171 Rev. 2
Draft SP 800-171 Rev. 2 with Line Numbers
Supplemental Material:
Draft SP 800-171 Rev. 2 with Line Numbers (pdf)
Comment template (xls)
NIST news article (other)
Document History:
06/19/19: SP 800-171 Rev. 2 (Draft)
02/21/20: SP 800-171 Rev. 2
Security and Privacy
audit & accountability; awareness training & education; maintenance; security controls; threats
Laws and Regulations
Federal Acquisition Regulation; Federal Information Security Modernization Act