U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST SP 800-171A Rev. 3 (Initial Public Draft)

Assessing Security Requirements for Controlled Unclassified Information

Date Published: November 9, 2023
Comments Due: January 12, 2024
Email Comments to: 800-171comments@list.nist.gov

Author(s)

Ron Ross (NIST), Victoria Pillitteri (NIST)

Announcement

This initial public draft is being released along with NIST SP 800-171r3 fpd (final public draft). 

In addition to reflecting the security requirements in NIST SP 800-171r3 fpd, the following significant changes have been made:

  • Restructured the assessment procedure syntax to align with NIST SP 800-53A
  • The addition of a references section to provide source assessment procedures from NIST SP 800-53A
  • A one-time change to the publication version number (skipping “Revision 2”) to align with NIST SP 800-171r3

Submit Your Comments

The public comment period is open now through January 12, 2024. We strongly encourage you to use this comment template if possible, and submit it to 800-171comments@list.nist.gov.

Reviewers are encouraged to comment on all or parts of draft NIST SP 800-171A, Revision 3. NIST is specifically interested in comments, feedback, and recommendations for the following topics:

  • The alignment of the assessment procedures to NIST SP 800-53A
  • The use of organization-defined parameters (ODPs) in the assessment procedures
  • The ease-of-use of the assessment

Comments received in response to this request will be posted on the Protecting CUI project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed.

Please direct questions and comments to 800-171comments@list.nist.gov.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy Inclusion of Patents in ITL Publications.

 

Abstract

Keywords

assessment; assessment method; assessment object; assessment procedure; assurance; basic security requirement; controlled unclassified information; coverage; CUI registry; depth; Executive Order 13556; FISMA; NIST Special Publication 800-171; NIST Special Publication 800-53A; nonfederal organization; nonfederal system; security assessment; security control
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-171Ar3.ipd
Download URL

Supplemental Material:
Comment template (xlsx)
SP 800-171A Assessment Procedures (xlsx)

Document History:
11/09/23: SP 800-171A Rev. 3 (Draft)