NIST Special Publication 800-171, Revision 2, Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations, has been approved as final. The protection of CUI while residing in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to carry out its missions and business operations.
This publication provides federal agencies with a set of recommended security requirements for protecting the confidentiality of CUI:
- when such information is resident in nonfederal systems and organizations;
- when the systems where CUI resides are not used or operated by contractors of federal agencies or other organizations on behalf of those agencies; and
- where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category or subcategory listed in the CUI Registry.
Revision 2 provides minor editorial changes in Chapters One and Two, and in the Glossary, Acronyms, and References appendices. There are no changes to the basic and derived security requirements in Chapter Three.
