Date Published: February 2020 (includes updates as of January 28, 2021)
Supersedes:
SP 800-171 Rev. 2 (02/21/2020)
Planning Note (04/13/2022):
The security requirements in SP 800-171 Revision 2 are available in multiple data formats. The PDF of SP 800-171 Revision 2 is the authoritative source of the CUI security requirements. If there are any discrepancies noted in the content between the CSV, XLSX, and the SP 800-171 PDF, please contact sec-cert@nist.gov and refer to the PDF as the normative source. ** There is no prescribed format or specified level of detail for system security plans. However, organizations ensure that the required information in [SP 800-171 Requirement] 3.12.4 is conveyed in those plans.
Access Control; Awareness and Training; Audit and Accountability; Configuration Management; Identification and Authentication; Maintenance; Media Protection; Physical and Environmental Protection; Personnel Security; System and Communications Protection; System and Information Integrity
Publication:
https://doi.org/10.6028/NIST.SP.800-171r2
Download URL
Supplemental Material:
Security Requirements Spreadsheet (xlsx)
Security Requirements CSV
README for CSV (txt)
CUI Plan of Action template (docx)
CUI SSP template **[see Planning Note] (docx)
Mapping: Cybersecurity Framework v.1.0 to SP 800-171 Rev. 2 (xlsx)
Other Parts of this Publication:
SP 800-171A
Related NIST Publications:
Document History:
01/28/21: SP 800-171 Rev. 2 (Final)
audit & accountability, awareness training & education, maintenance, security controls, threats
Laws and RegulationsFederal Acquisition Regulation, Federal Information Security Modernization Act