[2/27/24, 11:00 AM EST] CSRC has been experiencing technical issues. If you are unable to access a CSRC page or resource, or get a 503 error, please try reloading the page several times--it may help to wait a few minutes before trying again. We apologize for the inconvenience, and hope to have a solution in place next week.
The initial public draft (IPD) of NIST Special Publication (SP) 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, is available for public comment and review through July 14, 2023.
This update to NIST SP 800-171 represents over one year of data collection, technical analyses, customer interaction, redesign, and development of the security requirements and supporting information for the protection of Controlled Unclassified Information (CUI). Many trade-offs have been made to ensure that the technical and non-technical requirements have been stated clearly and concisely while also recognizing the specific needs of both federal and nonfederal organizations.
Significant changes NIST SP 800-171, Revision 3 include:
In addition to the draft publication, NIST has issued an FAQ, a detailed analysis of the changes between Revision 2 and Revision 3, and a prototype CUI Overlay. All are available on the publication details page, under "Supplemental Material."
NIST will also host a webinar on June 6, 2023 to provide an overview of the significant changes to SP 800-171, Revision 3. Registration information will be announced separately through a GovDelivery announcement and on the Protecting CUI project site.
Submit Your Comments
The public comment period is open now through July 14, 2023. See the publication details for a copy of the draft and instructions for submitting comments.
Reviewers are encouraged to comment on all or parts of draft NIST SP 800-171, Revision 3. NIST is specifically interested in comments, feedback, and recommendations for the following topics:
Comments received in response to this request will be posted on the Protecting CUI project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. Please direct questions and comments to email@example.com.
NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.