U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

SP 800-171A

Assessing Security Requirements for Controlled Unclassified Information

Date Published: June 2018

Planning Note (6/13/2018):

Documentation > Supplemental Material > CUI SSP template:

** There is no prescribed format or specified level of detail for system security plans. However, organizations ensure that the required information in [SP 800-171 Requirement] 3.12.4 is conveyed in those plans.


Ron Ross (NIST), Kelley Dempsey (NIST), Victoria Pillitteri (NIST)



assessment; assessment method; assessment object; assessment procedure; assurance; basic security requirement; Controlled Unclassified Information; coverage; CUI Registry; depth; derived security requirement; Executive Order 13556; FISMA; NIST Special Publication 800-53; NIST Special Publication 800-53A; nonfederal organization; nonfederal system; security assessment; security control
Control Families

None selected


SP 800-171A (DOI)
Local Download

Supplemental Material:
CUI SSP template **[see Planning Note] (word)
CUI Plan of Action template (word)

Other Parts of this Publication:
SP 800-171 Rev. 1

Related NIST Publications:
ITL Bulletin
SP 800-53 Rev. 4
SP 800-53A Rev. 4

Document History:
11/28/17: SP 800-171A (Draft)
02/20/18: SP 800-171A (Draft)
06/13/18: SP 800-171A (Final)