Protecting Controlled Unclassified Information CUI
Overview
Protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations is critical to federal agencies. The suite of guidance (NIST Special Publication (SP) 800-171, SP 800-171A, SP 800-172, and SP 800-172A) focuses on protecting the confidentiality of CUI and recommends specific security requirements to achieve that objective.
- February 21, 2024: NIST issues a summary and analysis of the comments received on SP 800-171 Revision 3 (final public draft) and SP 800-171A Revision 3 (initial public draft). Additionally, the current (final) versions of SP 800-171 Revision 2, SP 800-172, and SP 800-172A are now available in Cybersecurity and Privacy Reference Tool. The current (final) version of SP 800-171A will be available by the end of Q2 FY24.
- February 6, 2024: Comments received on SP 800-171 Revision 3 (fpd) and SP 800-171A Revision 3 (ipd) are posted.
- December 14, 2023: NIST announces an extension of the public comment period on both the final public draft (fpd) of SP 800-171 Revision 3 and initial public draft (ipd) of SP 800-171A Revision 3 to January 26, 2024 and opens registration for a free webinar, Critical Updates to NIST's CUI Publications: What You Need to Know, on January 10, 2024 from 1 p.m. to 2 p.m. EST.
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, provides a set of recommended security requirements for protecting the confidentiality of CUI.
NIST SP 800-171A, Assessing Security Requirements for Controlled Unclassified Information, provides assessment procedures and a methodology to conduct assessments of the CUI security requirements in NIST SP 800-171.
NIST SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171, provides enhanced security requirements to help protect CUI associated with critical programs or high value assets in nonfederal systems and organizations from the advanced persistent threat (APT).
NIST SP 800-172A, Assessing Enhanced Security Requirements for Controlled Unclassified Information, provides assessment procedures and a methodology to conduct assessments of the enhanced security requirements in NIST SP 800-172.
Project Links
Additional Pages
Created June 13, 2019, Updated March 13, 2024