Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Projects Protecting CUI SP 800-171

Protecting Controlled Unclassified Information CUI

Public Comments Draft SP 800-171 Rev 3

Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective.

February 21, 2024: NIST issues summary and analysis of comments received in response to SP 800-171 Revision 3 (final public draft) and SP 800-171A Revision 3 (initial public draft). 

Comments Received on SP 800-171 Revision 3 (Final Public Draft) and SP 800-171A Revision 3 (ipd)

Below are comments received on SP 800-171 Revision 3 (FPD), Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and SP 800-171A Revision 3 (IPD), Assessing Security Requirements for Controlled Unclassified Information.  The public comment period on both publications closed on January 26, 2024.

All comments submitted during the public comment period will be posted below with contact information has been redacted. All technical content will be posted as submitted, so commenters should not include information they do not wish to be posted (e.g., personal or business information).  

 
Date Received Submitted By
9 November 2023 Planet Works
11 November 2023 George Mason University
12 November 2023 DEFCERT
13 November 2023 Bond University
16 November 2023 DEFCERT
22 November 2023 Sound Way Consulting Inc.
3 December 2023 Compliance Forge
8 December 2023 Anonymous 
14 December 2023 Neil Lobron
22 December 2023 Eva Aviation
4 January 2024 Totem Tech
11 January 2024 Walsh Group
16 January 2024 Hiromitsu Tomozawa
16 January 2024 Jake Williams
17 January 2024 Tularosa Communications
22 January 2024 FIDO Alliance
22 January 2024 Arnold Magnetic Technologies
23 January 2024 Archstone Security
24 January 2024 Missile Defense Agency
24 January 2024 Parsons
25 January 2024 RTX
25 January 2024 Tevora
26 January 2024 EDUCAUSE
26 January 2024 Defense Cybersecurity Group
26 January 2024 DoD CIO CS
26 January 2024 Google
26 January 2024 Anonymous
26 January 2024 NDISAC
26 January 2024 NDIA
26 January 2024 PSCouncil
26 January 2024 SAIC
26 January 2024 NeoSystems Corp..
26 January 2024 Aerospace Industries Association
26 January 2024 Simventions Inc.
26 January 2024 Manufacturing Extension Partnership Center | The University of Utah
26 January 2024 Wanda L
26 January 2024 FFRDC UARC Security Council CUI Working Group
26 January 2024 Jacob Horne
26 January 2024 MSPs for the Protection of Critical Infrastructure
26 January 2024 Amazon Web Services
29 January 2024 GRC Academy

August 16, 2023: NIST issues summary and analysis of comments received in response to SP 800-171 Revision 3 initial public draft. 

Comments Received on Draft SP 800-171 Revision 3 (Initial Public Draft) 

Below are comments received on Draft Special Publication 800-171 Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.  The public comment period closed on July 14, 2023.

All comments submitted during the public comment period for Draft NIST SP 800-171 Revision 3 will be posted below, contact information has been redacted, but all technical content will be posted as submitted so commenters should not include information they do not wish to be posted (e.g., personal or business information).  

 
Date Received From
10 May 2023 FDIC
19 May 2023 GRC Academy
23 May 2023 ComplianceForge
8 June 2023 Braxton-Grant Technologies
8 June 2023 Professional Systems Associates Inc
10 June 2023 DTC Global LLC
14 June 2023 University of Arizona
14 June 2023 AECOM
15 June 2023 Hepburn and Sons LLC
21 June 2023 Entergy
22 June 2023 Falken Industries, LLC
23 June 2023 Southern Company
23 June 2023 Shawn Bilak
23 June 2023 APTIMA
28 June 2023 Innovative Circuits, Inc.
3 July 2023 Karthik Shourya Kaligotla
5 July 2023 Mercury Systems
6 July 2023 Precast Corporation
7 July 2023 HaiVisionMCS
7 July 2023 The Aerospace Corporation
7 July 2023 HITrustAlliance
7 July 2023 Trustwave Government Solutions
10 July 2023 Software Engineering Institute
10 July 2023 BallAerospace
10 July 2023 Andraste
11 July 2023 V2X
11 July 2023 FortressLabs
11 July 2023 Silverdraft
11 July 2023 National Institutes of Health
12 July 2023 Communications & Power Industries LLC
12 July 2023 GSA RMASS
12 July 2023 Kieri Solutions
12 July 2023 JHUAPL
12 July 2023 HackerOne
12 July 2023 Peraton
13 July 2023 Aerospace
13 July 2023 RTX
13 July 2023 USAF
13 July 2023 A4A
13 July 2023 VenableHPC
13 July 2023 TotemTech
13 July 2023 DoDCIO
13 July 2023 Darknight Industries
13 July 2023 Florida State University
13 July 2023 Ernst & Young
13 July 2023 Missile Defense Agency
13 July 2023 CymStar
14 July 2023 Island Systems
14 July 2023 Peak InfoSec
14 July 2023 Carnegie Mellon SEI
14 July 2023 Cloud Service Providers
14 July 2023 National Defense Info Sharing & Analysis Center
14 July 2023 DOE OCIO
14 July 2023 Forrester
14 July 2023 MITRE
14 July 2023 Lumen
14 July 2023 Forcepoint
14 July 2023 Qualcomm
14 July 2023 EDUCAUSE
14 July 2023 Savi
14 July 2023 WinTech
14 July 2023 Kaiser Permanente
14 July 2023 Professional Services Council
14 July 2023 University of Illinois CIO
14 July 2023 Boeing
14 July 2023 SAIC
14 July 2023 c3ISIT
14 July 2023 AIA NDIA
14 July 2023 Amazon
14 July 2023 SP6
14 July 2023 DOJ
14 July 2023 University of Idaho
14 July 2023 Defense Cybersecurity Group
14 July 2023 Guernsey
14 July 2023 Tactical Air Support
14 July 2023 CMMCInfo
17 July 2023 CTIA
17 July 2023 Fidelis Cybersecurity
17 July 2023 The Coalition for Government Procurement
19 July 2023 Planet Technologies, Inc.

 

Contacts

Ron Ross

Victoria Yan Pillitteri
victoria.yan@nist.gov

Topics

Security and Privacy: risk management

Created June 13, 2019, Updated January 27, 2025