Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Assessing Security Requirements for Controlled Unclassified Information (CUI): NIST Publishes SP 800-171A
June 13, 2018

Today, NIST is releasing Special Publication (SP) 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). This publication is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of the CUI security requirements defined in SP 800-171 Revision 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. This objective is accomplished by:

  • Providing flexible and tailorable assessment procedures for the CUI security requirements;
  • Defining assessment objectives to help guide and inform the assessment;
  • Specifying assessment methods that can be used to generate evidence and produce findings and results;
  • Describing a set of assessment objects to which the methods can be applied;
  • Facilitating different levels of assurance in security assessments by varying the scope and rigor of the assessment through selectable depth and coverage attributes; and
  • Providing a discussion section for each CUI security requirement to explain  the requirement and to facilitate more effective assessments.
Created June 13, 2018, Updated October 24, 2018