Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Protecting Controlled Unclassified Information CUI

SP 800-171

NIST SP 800-171 Logo

Security Requirements for Protecting CUI

Purpose

Recommended security requirements for protecting the confidentiality of CUI:

     (1) when the CUI is resident in a nonfederal system and organization;

     (2) when the nonfederal organization is not collecting or maintaining information on behalf of a federal agency or using or operating a system on behalf of an agency; and

     (3) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category listed in the CUI Registry.

Scope

The requirements apply to components of nonfederal systems that process, store, or transmit CUI, or that provide security protection for such components.

Download SP 800-171 Security Requirements in different formats
Resources

 

 

 

Created June 13, 2019, Updated March 13, 2024