README for CSV file of security requirements from NIST SP 800-171 Revision 2, Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations

Updated March 31, 2022

The security requirements in SP 800-171 Revision 2 are provided in multiple data formats. The PDF of SP 800-171 Revision 2 is the authoritative source of the CUI security requirements. The CSV and XLSX include the same data as the PDF version with one exception: in the CSV and XLSX file, a column titled "sort-as" was added to allow users using a spreadsheet program to SORT the security requirements in ascending (alphabetical) order. The values in this column indicate the relevant SP 800-171 security requirement, but are not used in any other publication or version of the SP 800-171 security requirements.  

The sort-as column was added to ensure customers are able to sort the security requirements as they appear in the publication. Due to the structure of the NIST SP 800-171 security requirements and the way that spreadsheet programs sort strings (ASCII sorting order), sorting by identifier will not result in the security requirements appearing in the correct order.

If there are any discrepancies noted in the content between the CSV, XLSX and the SP 800-171 PDF, please contact sec-cert@nist.gov and refer to the PDF as the normative source