Date Published: February 2018
Comments Due: March 23, 2018 (public comment period is CLOSED)
Email Questions to: sec-cert@nist.gov
Planning Note (3/6/2018):
Documentation > Supplemental Material > CUI SSP template: ** There is no prescribed format or specified level of detail for system security plans. However, organizations ensure that the required information in [SP 800-171 Requirement] 3.12.4 is conveyed in those plans.
, ,
NIST is posting the Final Draft of Special Publication 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). This publication is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of the security requirements in NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.
This objective is accomplished by:
Your feedback on this draft publication is important to us. We appreciate each contribution from our reviewers. The comments we receive from the public and private sectors, nationally and internationally, continue to help shape the final publication to ensure that it meets the needs and expectations of our customers.
Please submit comments using the provided comment template.
None selected
Publication:
Final Draft SP 800-171A
Supplemental Material:
Comment template (xls)
CUI SSP template **[see Planning Note] (word)
CUI Plan of Action template (word)
Other Parts of this Publication:
SP 800-171 Rev. 1
Document History:
11/28/17: SP 800-171A (Draft)
02/20/18: SP 800-171A (Draft)
06/13/18: SP 800-171A (Final)
Security and Privacy
assurance; risk assessment; security controls
Laws and Regulations
Federal Information Security Modernization Act