U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

SP 800-171A (Draft)

Assessing Security Requirements for Controlled Unclassified Information

Date Published: November 2017
Comments Due: January 15, 2018 (public comment period is CLOSED)
Email Questions to: sec-cert@nist.gov

Author(s)

Ron Ross (NIST), Kelley Dempsey (NIST), Victoria Pillitteri (NIST)

Announcement

NIST announces the release of Draft Special Publication 800-171A, Assessing Security Requirements for Controlled Unclassified Information. This publication is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of the security requirements in NIST Special Publication 800-171, Protecting Controlled Unclassified Information is Nonfederal Systems and Organizations.

This objective is accomplished by:

  • Providing flexible and tailorable assessment procedures for the CUI security requirements;
  • Defining assessment objectives to help guide and inform the assessment;
  • Specifying assessment methods that can be used to generate evidence and produce findings and results;
  • Describing a set of assessment objects to which the methods can be applied;
  • Facilitating different levels of assurance in security assessments by varying the scope and rigor of the assessment through selectable depth and coverage attributes; and
  • Providing supplemental guidance to explain and interpret the CUI security requirements.

Your feedback on this draft publication is important to us. We appreciate each contribution from our reviewers. The very insightful comments from the public and private sectors, nationally and internationally, continue to help shape the final publication to ensure that it meets the needs and expectations of our customers.

Abstract

Keywords

Assessment; Assessment Method; Assessment Object; Assessment Procedure; Assurance; Controlled Unclassified Information; Coverage; CUI Registry; Depth; Derived Security Requirement; Executive Order 13556; FISMA; NIST Special Publication 800-53; Nonfederal Organization; Nonfederal System; Security Assessment; Basic Security Requirement; Security Control
Control Families

None selected

Documentation

Publication:
Draft SP 800-171A

Supplemental Material:
Comment Template for Draft SP 800-171A (xls)

Document History:
11/28/17: SP 800-171A (Draft)
02/20/18: SP 800-171A (Draft)
06/13/18: SP 800-171A (Final)