Computer Security Resource Center

NIST Publishes SP 800-171 Revision 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
February 21, 2020

NIST Special Publication 800-171, Revision 2, Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations, has been approved as final. The protection of CUI while residing in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to carry out its missions and business operations. 

This publication provides federal agencies with a set of recommended security requirements for protecting the confidentiality of CUI:

  1. when such information is resident in nonfederal systems and organizations;
  2. when the systems where CUI resides are not used or operated by contractors of federal agencies or other organizations on behalf of those agencies; and
  3. where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category or subcategory listed in the CUI Registry.

Revision 2 provides minor editorial changes in Chapters One and Two, and in the Glossary, Acronyms, and References appendices. There are no changes to the basic and derived security requirements in Chapter Three.

Created February 21, 2020, Updated February 25, 2020