Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Assessing Security Requirements for Controlled Unclassified Information (CUI): NIST Publishes SP 800-171A
June 13, 2018

Today, NIST is releasing Special Publication (SP) 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). This publication is intended to help organizations develop assessment plans and conduct efficient, effective, and cost-effective assessments of the CUI security requirements defined in SP 800-171 Revision 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. This objective is accomplished by:

  • Providing flexible and tailorable assessment procedures for the CUI security requirements;
  • Defining assessment objectives to help guide and inform the assessment;
  • Specifying assessment methods that can be used to generate evidence and produce findings and results;
  • Describing a set of assessment objects to which the methods can be applied;
  • Facilitating different levels of assurance in security assessments by varying the scope and rigor of the assessment through selectable depth and coverage attributes; and
  • Providing a discussion section for each CUI security requirement to explain  the requirement and to facilitate more effective assessments.

Parent Project

See: Protecting CUI

Related Topics

Security and Privacy: assurance, risk assessment, security controls

Laws and Regulations: Federal Information Security Modernization Act

Created June 13, 2018, Updated June 22, 2020